Re: Problems with ASLR in 5.0.1

To: netbsd-users%netbsd.org@localhost
Subject: Re: Problems with ASLR in 5.0.1
From: christos%astron.com@localhost (Christos Zoulas)
Date: Tue, 25 Aug 2009 21:53:47 +0000 (UTC)

In article 
<3dc350d00908250700q294170b0m5c74a8dd36342972%mail.gmail.com@localhost>,
Michael Litchard  <michael%schmong.org@localhost> wrote:
>I found this in the current-users mailing list
>
>How to enable address space layout randomization (ASLR) on NetBSD.
>
>First you need to compile a kernel with options PAX_ASLR=0. Or if you want
>to risk to have your system unusable you can use PAX_ASLR=1. Now you should
>be able to do:
>
>$ sysctl -a | grep aslr
>security.pax.aslr.enabled = 0
>security.pax.aslr.global = 0
>security.pax.aslr.mmap_len = 32
>security.pax.aslr.stack_len = 12
>security.pax.aslr.exec_len = 12
>$ sysctl -w security.pax.aslr.enabled=1
>security.pax.aslr.enabled: 0 -> 1a
>
>The man pages say this has been available since 4.0 so I went ahead and
>tried to use this feature.
>
>However, there's something that doesn't add up.
>
>When I do
>$ sysctl -a | grep aslr
>I get nothing
>I verified the kernel configuration.
>michael# config -x netbsd | grep PAX
>options         PAX_MPROTECT=0          # PaX mprotect(2) restrictions
>options         PAX_ASLR=0              # PaX Address Space Layout
>Randomization
>
>this is what it should be. But sysctl isn't giving me expected information.
>
>Could someone tell me what's going on here, or how to investigate further?

nm /netbsd | grep aslr

christos

References:
- Problems with ASLR in 5.0.1
  - From: Michael Litchard

Prev by Date: Re: Can't build bootable install dvd on 5.0
Next by Date: Problem with multimedia keys with a remote.
Previous by Thread: Re: Problems with ASLR in 5.0.1
Next by Thread: Problem with multimedia keys with a remote.
Indexes:

Home | Main Index | Thread Index | Old Index