NetBSD-Users archive


Problems with ASLR in 5.0.1



I found this in the current-users mailing list:

How to enable address space layout randomization (ASLR) on NetBSD.

First you need to compile a kernel with options PAX_ASLR=0. Or, if you want
to risk having your system unusable, you can use PAX_ASLR=1. Now you should
be able to do:

$ sysctl -a | grep aslr
security.pax.aslr.enabled = 0
security.pax.aslr.global = 0
security.pax.aslr.mmap_len = 32
security.pax.aslr.stack_len = 12
security.pax.aslr.exec_len = 12
$ sysctl -w security.pax.aslr.enabled=1
security.pax.aslr.enabled: 0 -> 1a

The man pages say this has been available since 4.0 so I went ahead and
tried to use this feature.

However, there's something that doesn't add up.

When I do
$ sysctl -a | grep aslr
I get nothing.
I verified the kernel configuration:
michael# config -x netbsd | grep PAX
options         PAX_MPROTECT=0          # PaX mprotect(2) restrictions
options         PAX_ASLR=0              # PaX Address Space Layout Randomization

This is what it should be. But sysctl isn't giving me the expected information.

Could someone tell me what's going on here, or how to investigate further?

