pax + et-dyn

Discuss and suggest new grsecurity features

pax + et-dyn

Postby devastor » Thu Dec 26, 2002 6:20 pm

Hi,

I noticed this on pax's website:

linux 2.4.19 2002.12.18 13:55 GMT big rewrite of vma mirroring, ET_DYN executables should work again.
linux 2.4.20 2002.12.18 13:55 GMT straight port from 2.4.19

Does this mean that ET_DYN executables don't work in some way with earlier patches?
And so does it affect grsec-1.9.8-rc1? Or is that just a problem with newer code that was now fixed?
Some kind of a changelog might be useful to be able to keep track of what's going on :)


Thanks,

Tuomas Silen
devastor
 
Posts: 41
Joined: Fri Oct 11, 2002 5:07 pm

Re: pax + et-dyn

Postby PaX Team » Thu Dec 26, 2002 6:53 pm

devastor wrote:I noticed this on pax's website:

linux 2.4.19 2002.12.18 13:55 GMT big rewrite of vma mirroring, ET_DYN executables should work again.
linux 2.4.20 2002.12.18 13:55 GMT straight port from 2.4.19

Does this mean that ET_DYN executables don't work in some way with earlier patches? And so does it affect grsec-1.9.8-rc1? Or is that just a problem with newer code that was now fixed?
there was a problem in the previous patch that was released some 3 days before the current one (that was the big rewrite), i think very few people got it. more problematic is grsec -rc2 which does have the problem and is fixed only in the CVS (both that of PaX and grsec, although with the temporary server setup Brad seems to have copied over an older repository which does not have the fixes ;P). as for the problem: if you run ET_DYN executables, you will get ETXTBUSY errors on further execution attempts as i screwed up some flags used for mirrored file mappings and the write count for mirrored files gets unbalanced. if you have the problem, you can just diff the current PaX patch against -rc2 and apply the changes in fs/binfmt_elf.c and include/linux/mm.h.
Some kind of a changelog might be useful to be able to keep track of what's going on :)
ok, maybe time to ask Brad to generate changelogs for PaX as well, although i think grsec is more practical for production use than PaX per se.

speaking of ET_DYN, i will soon (hopefully today) release an update to the ET_DYN package with somewhat more verbose docs ;-) and other improvements.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity development