tech-userlevel archive


Re: paxctl(8) and ASLR - bug?



On 05.06.2011 12:28, Aleksey Cheusov wrote:
> As far as I can see paxctl(8) doesn't work as expected on NetBSD current
> and 5.1. The following typescript shows that library load
> addresses stay the same after enabling PaX ASLR for the program.
> Executable load address on the other hand is randomized normally.
> It looks like a bug. What am I doing wrong?
>
> 0 ~>ldd -f '%o -> %x\n' ./main
> z -> 0x7f7ff7000000
> c -> 0x7f7ff6400000
> lzma -> 0x7f7ff6c00000
> m -> 0x7f7ff6800000

Here, ASLR is a flag associated with an executable. IIRC, NetBSD's ldd
does not execute the binary directly to resolve symbols (by setting the
LD_TRACE_LOADED_OBJECTS env variable and letting the dynamic linker print
the information, like ld-linux.so); it performs the lookup itself.

In fact, you get the PaX flag from ldd (which is off there), rather than
the one from ./main.

Try with paxctl +A $(which ldd).

> =============================================================
> 
> At the same time enabling ASLR globally works fine.
> 
> =============================================================

That would explain the above.

-- 
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost

