Current-Users archive
Re: PIE binaries and ASLR are on in the default build for amd64
In article <20160410153633.1BB9817FDAB%rebar.astron.com@localhost>,
Christos Zoulas <christos%zoulas.com@localhost> wrote:
In more detail:
1. MKPIE is now on, creating PIE binaries; this is done in bsd.own.mk.
   You can turn it off by putting MKPIE=no in /etc/mk.conf.
2. The value of the sysctl security.pax.aslr.global has been set to 1.
   This means that by default all binaries are run with ASLR on.
   (security.pax.aslr.enabled was already == 1).

Sysctls of interest:

    security.pax.aslr.enabled: Enable/disable ASLR for everyone
    security.pax.aslr.global:  Enable/disable ASLR default (you can
                               override this on individual binaries
                               via ELF notes)
    security.pax.aslr.debug:   Enable/disable printing of ASLR address
                               handling.
    security.pax.aslr.flags:   Bits set to 1 disable ASLR more granularly
                               Turning bit 0 on disables stack randomization
                               Turning bit 1 on disables mmap randomization
christos
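
Added example, not part of the original message and not NetBSD project code: a small audit helper that interprets the three sysctls listed above and exits non-zero when a host is weaker than the defaults the message describes. The function names are hypothetical, and the way the three knobs combine (master switch first, then default, then per-region flag bits) is an assumption drawn only from the descriptions in the message.

```sh
#!/bin/sh
# Added example: interpret the PaX ASLR sysctls described in the message.
# How the knobs combine is an assumption based on that message alone.

# aslr_report ENABLED GLOBAL FLAGS
# Prints one key=value line per finding; returns 0 only when ASLR is on
# by default and no randomization has been masked off through the flags.
aslr_report() {
    enabled=$1 global=$2 flags=$3

    if [ "$enabled" -eq 0 ]; then
        echo "aslr=off"        # master switch off: nothing else matters
        return 1
    fi

    if [ "$global" -eq 1 ]; then
        echo "default=on"      # every binary, unless an ELF note overrides
    else
        echo "default=off"     # only binaries whose ELF note overrides
    fi

    # In security.pax.aslr.flags a bit set to 1 *disables* a randomization.
    if [ $(( flags & 1 )) -ne 0 ]; then echo "stack=off"; else echo "stack=on"; fi
    if [ $(( flags & 2 )) -ne 0 ]; then echo "mmap=off";  else echo "mmap=on";  fi

    [ "$global" -eq 1 ] && [ $(( flags & 3 )) -eq 0 ]
}

# aslr_audit_live: read the live values with sysctl -n and report on them.
# Returns 2 when the sysctls are not present (for example on a non-NetBSD host).
aslr_audit_live() {
    e=$(sysctl -n security.pax.aslr.enabled 2>/dev/null) || return 2
    g=$(sysctl -n security.pax.aslr.global 2>/dev/null) || return 2
    f=$(sysctl -n security.pax.aslr.flags 2>/dev/null) || return 2
    aslr_report "$e" "$g" "$f"
}
```

Calling aslr_audit_live from a configuration check flags hosts where someone has set the global default back to 0 or masked off stack or mmap randomization.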