Re: Security and PAX

[christos%zoulas.com@localhost (Christos Zoulas)]

On Jun 14,  6:39pm, rhino64%epost.ch@localhost (rhino64%epost.ch@localhost) wrote:
-- Subject: Re: Security and PAX

| Hi,
| 
| finally I have tried to use these parameters to compile pseudo statically a
| big program (zsh) but without too much succes (the linking stage failed
| with an error with the .RODATA segment of some libs).

Hmm, what's the error? I am wondering if there is something easy to fix.

| Probably, I will have to build static executables for some usage (mainly
| to have executable working across many version of OS and over a long
| period of time) and dynamic for other usages (like SSH
| or some other services where ASLR might be important).

NetBSD binaries both static and dynamic work across all versions
of NetBSD, so no need for static binaries. If you don't believe
me, download NetBSD-1.0 and try to run its binaries in current.

| However, it seems that the documentation (man security (7)) is wrong
| because for non PIE programs, only the stack address is random.
| At least this was the case with all the tests I have done by compiling
| statically or dynamically (under netbsd 6.1.5) the small example program.

Fixed, thanks!

christos