Re: Problems with ASLR in 5.0.1

To: NetBSD Users Mailing List <netbsd-users%netbsd.org@localhost>
Subject: Re: Problems with ASLR in 5.0.1
From: Michael Litchard <michael%schmong.org@localhost>
Date: Tue, 25 Aug 2009 11:28:16 -0700

One other piece of information that could be relevant.
This is an HVM domU, with Debian as domO. Not sure why this would matter
though.

On Tue, Aug 25, 2009 at 7:00 AM, Michael Litchard 
<michael%schmong.org@localhost>wrote:

> I found this in the current-users mailing list
>
> How to enable address space layout randomization (ASLR) on NetBSD.
>
> First you need to compile a kernel with options PAX_ASLR=0. Or if you want
> to risk to have your system unusable you can use PAX_ASLR=1. Now you should
> be able to do:
>
> $ sysctl -a | grep aslr
> security.pax.aslr.enabled = 0
> security.pax.aslr.global = 0
> security.pax.aslr.mmap_len = 32
> security.pax.aslr.stack_len = 12
> security.pax.aslr.exec_len = 12
> $ sysctl -w security.pax.aslr.enabled=1
> security.pax.aslr.enabled: 0 -> 1a
>
> The man pages say this has been available since 4.0 so I went ahead and
> tried to use this feature.
>
> However, there's something that doesn't add up.
>
> When I do
> $ sysctl -a | grep aslr
> I get nothing
> I verified the kernel configuration.
> michael# config -x netbsd | grep PAX
> options         PAX_MPROTECT=0          # PaX mprotect(2) restrictions
> options         PAX_ASLR=0              # PaX Address Space Layout
> Randomization
>
> this is what it should be. But sysctl isn't giving me expected information.
>
> Could someone tell me what's going on here, or how to investigate further?

References:
- Problems with ASLR in 5.0.1
  - From: Michael Litchard

Prev by Date: Re: Gnome
Next by Date: Re: Can't build bootable install dvd on 5.0
Previous by Thread: Problems with ASLR in 5.0.1
Next by Thread: Re: Problems with ASLR in 5.0.1
Indexes:

Home | Main Index | Thread Index | Old Index