NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Problems with ASLR in 5.0.1

In article 
Michael Litchard  <> wrote:
>I found this in the current-users mailing list
>How to enable address space layout randomization (ASLR) on NetBSD.
>First you need to compile a kernel with options PAX_ASLR=0. Or if you want
>to risk to have your system unusable you can use PAX_ASLR=1. Now you should
>be able to do:
>$ sysctl -a | grep aslr
>security.pax.aslr.enabled = 0
> = 0
>security.pax.aslr.mmap_len = 32
>security.pax.aslr.stack_len = 12
>security.pax.aslr.exec_len = 12
>$ sysctl -w security.pax.aslr.enabled=1
>security.pax.aslr.enabled: 0 -> 1a
>The man pages say this has been available since 4.0 so I went ahead and
>tried to use this feature.
>However, there's something that doesn't add up.
>When I do
>$ sysctl -a | grep aslr
>I get nothing
>I verified the kernel configuration.
>michael# config -x netbsd | grep PAX
>options         PAX_MPROTECT=0          # PaX mprotect(2) restrictions
>options         PAX_ASLR=0              # PaX Address Space Layout
>this is what it should be. But sysctl isn't giving me expected information.
>Could someone tell me what's going on here, or how to investigate further?

nm /netbsd | grep aslr


Home | Main Index | Thread Index | Old Index