NetBSD-Users archive


Re: Problems with ASLR in 5.0.1



In article 
<3dc350d00908250700q294170b0m5c74a8dd36342972%mail.gmail.com@localhost>,
Michael Litchard  <michael%schmong.org@localhost> wrote:
>I found this in the current-users mailing list
>
>How to enable address space layout randomization (ASLR) on NetBSD.
>
>First you need to compile a kernel with options PAX_ASLR=0. Or if you want
>to risk having your system unusable you can use PAX_ASLR=1. Now you should
>be able to do:
>
>$ sysctl -a | grep aslr
>security.pax.aslr.enabled = 0
>security.pax.aslr.global = 0
>security.pax.aslr.mmap_len = 32
>security.pax.aslr.stack_len = 12
>security.pax.aslr.exec_len = 12
>$ sysctl -w security.pax.aslr.enabled=1
>security.pax.aslr.enabled: 0 -> 1a
>
>The man pages say this has been available since 4.0 so I went ahead and
>tried to use this feature.
>
>However, there's something that doesn't add up.
>
>When I do
>$ sysctl -a | grep aslr
>I get nothing.
>I verified the kernel configuration.
>michael# config -x netbsd | grep PAX
>options         PAX_MPROTECT=0          # PaX mprotect(2) restrictions
>options         PAX_ASLR=0              # PaX Address Space Layout Randomization
>
>This is what it should be. But sysctl isn't giving me expected information.
>
>Could someone tell me what's going on here, or how to investigate further?

nm /netbsd | grep aslr

christos
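
Added example, not part of either message above: a small sh triage that lines up the three observations the thread uses, namely the PAX_ASLR option in `config -x` output, aslr symbols in `nm` output, and `security.pax.aslr.*` nodes in `sysctl -a` output. The function names are hypothetical, and `/netbsd` being the kernel file to inspect is an assumption taken from the reply.

```sh
#!/bin/sh
# Added example (not from the thread). Each helper reads command output on
# stdin, so the logic can be run offline on saved or constructed text.

# Value of "options PAX_ASLR=<n>" in `config -x <kernel>` output; empty if absent.
pax_aslr_option() {
    awk '$1 == "options" && $2 ~ /^PAX_ASLR=/ { sub(/^PAX_ASLR=/, "", $2); print $2; exit }'
}

# Number of symbols whose name mentions "aslr" in `nm <kernel>` output.
aslr_symbol_count() {
    awk 'tolower($NF) ~ /aslr/ { n++ } END { print n + 0 }'
}

# Number of security.pax.aslr.* nodes in `sysctl -a` output.
aslr_sysctl_count() {
    awk '/^security\.pax\.aslr\./ { n++ } END { print n + 0 }'
}

# Classify the three observations; reports what was seen, not why.
aslr_triage() {  # $1 = option value, $2 = symbol count, $3 = sysctl node count
    if [ -z "$1" ]; then
        echo "image config has no PAX_ASLR option"
    elif [ "$2" -eq 0 ]; then
        echo "PAX_ASLR=$1 in image config, but no aslr symbols in image"
    elif [ "$3" -eq 0 ]; then
        echo "aslr symbols in image, but no sysctl nodes in running kernel"
    else
        echo "PAX_ASLR=$1, $2 aslr symbols, $3 sysctl nodes"
    fi
}

# On a NetBSD host (KERNEL is the file you believe was booted; an assumption):
#   KERNEL=/netbsd
#   aslr_triage "$(config -x "$KERNEL" | pax_aslr_option)" \
#               "$(nm "$KERNEL" | aslr_symbol_count)" \
#               "$(sysctl -a 2>/dev/null | aslr_sysctl_count)"
```

`config -x` and `nm` read the kernel file on disk, while `sysctl` queries the running kernel, so the third outcome separates "the image has the code" from "the running system exposes the knobs".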


