NetBSD-Users archive


Re: Problems with ASLR in 5.0.1



One other piece of information that could be relevant.
This is an HVM domU, with Debian as dom0. Not sure why this would matter
though.

On Tue, Aug 25, 2009 at 7:00 AM, Michael Litchard <michael%schmong.org@localhost> wrote:

> I found this in the current-users mailing list
>
> How to enable address space layout randomization (ASLR) on NetBSD.
>
> First you need to compile a kernel with options PAX_ASLR=0. Or, if you want
> to risk having your system unusable, you can use PAX_ASLR=1. Now you should
> be able to do:
>
> $ sysctl -a | grep aslr
> security.pax.aslr.enabled = 0
> security.pax.aslr.global = 0
> security.pax.aslr.mmap_len = 32
> security.pax.aslr.stack_len = 12
> security.pax.aslr.exec_len = 12
> $ sysctl -w security.pax.aslr.enabled=1
> security.pax.aslr.enabled: 0 -> 1a
>
> The man pages say this has been available since 4.0 so I went ahead and
> tried to use this feature.
>
> However, there's something that doesn't add up.
>
> When I do
> $ sysctl -a | grep aslr
> I get nothing.
> I verified the kernel configuration.
> michael# config -x netbsd | grep PAX
> options         PAX_MPROTECT=0          # PaX mprotect(2) restrictions
> options         PAX_ASLR=0              # PaX Address Space Layout Randomization
>
> This is what it should be. But sysctl isn't giving me the expected information.
>
> Could someone tell me what's going on here, or how to investigate further?

