Re: Security and PAX

To: netbsd-users%netbsd.org@localhost
Subject: Re: Security and PAX
From: christos%astron.com@localhost (Christos Zoulas)
Date: Sat, 6 Jun 2015 20:06:06 +0000 (UTC)

In article <557315F5.6030805%gmx.com@localhost>, Kamil Rytarowski  <n54%gmx.com@localhost> wrote:
>On 06.06.2015 14:35, Christos Zoulas wrote:
>> In article <20150606142015.GA61273%nordend.local.sourire.ch@localhost>,
>>  <rhino64%epost.ch@localhost> wrote:
>>> Hi,
>>>  I am quite new to netbsd and I am curious about 
>>> the security mechanisms available.
>>>
>>> In the security page "http://www.netbsd.org/support/security/";,
>>> I can see that the PaX module is used in the kernel
>>> but without any other information.
>>>
>>> What should be done in order to use (and perhaps configure)
>>> that feature?
>>>
>>> Sould the executables being compiled with the "-fpie" option?
>>>
>>> Any comment would be greatly appreciated?
>> 
>> $ man 7 sysctl look for pax
>> $ man paxctl
>> 
>> To use ASLR effectively you need to build with MKPIE...
>> 
>
>I saw more PAX / NetBSD pieces here
>http://git.edgebsd.org/gitweb/?p=edgebsd-src.git;a=commitdiff;h=add2f1731f9468f3946bf8fea6cc48800c0f2668;hp=ba131ddbc3427f6931d123e93b82a339a879fb78

That just changes the defaults for the sysctls
security.pax.aslr.global and security.pax.mprotect.global...
You can put 2 lines in /etc/sysctl.conf and achieve the same...

christos

Follow-Ups:
- Re: Security and PAX
  - From: Martin Husemann

References:
- Security and PAX
  - From: rhino64
- Re: Security and PAX
  - From: Christos Zoulas
- Re: Security and PAX
  - From: Kamil Rytarowski

Prev by Date: NPF pf difference
Next by Date: clang++, llvm libc++ and NetBSD
Previous by Thread: Re: Security and PAX
Next by Thread: Re: Security and PAX
Indexes:

Home | Main Index | Thread Index | Old Index