tech-userlevel archive


Re: paxctl(8) and ASLR - bug?



On Sun, Jun 05, 2011 at 03:21:41PM +0200, Jean-Yves Migeon wrote:
> 
> Here, ASLR is a flag associated with an executable. IIRC, NetBSD's ldd
> does not execute the binary directly to resolve symbols (by setting the
> LD_TRACE_LOADED_OBJECTS env variable and letting the dynamic linker print
> the information, like ld-linux.so); it performs the lookup itself.
> 
> In fact, you get the PaX flag from ldd (which is off there), rather than
> the one from ./main.
> 
> Try with paxctl +A $(which ldd).

Oof!  This isn't safe to do, because it will apply ASLR in cases where it
is known to be unsafe -- just like enabling it globally would.

It seems to me ldd *must* look at the executable and use the ASLR
flag value from there, or the enabling of ASLR on a per-executable
basis cannot really work.

Thor

