grsecurity forums

[tunefx]

#
# PaX
#
CONFIG_PAX=y

#
# PaX Control
#
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_SEGMEXEC=y
# CONFIG_PAX_DEFAULT_PAGEEXEC is not set
CONFIG_PAX_DEFAULT_SEGMEXEC=y
# CONFIG_PAX_EMUTRAMP is not set
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_NOELFRELOCS is not set

#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_NOVSYSCALL=y
# CONFIG_KEYS is not set
# CONFIG_SECURITY is not set

[root@localhost linux]# readelf -e /lib/ld-linux.so.2 | more
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x7c0
Start of program headers: 52 (bytes into file)
Start of section headers: 110176 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 6
Size of section headers: 40 (bytes)
Number of section headers: 23
Section header string table index: 22

Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al [ 0] NULL 00000000 000000 000000 00 0 0 0 [ 1] .hash HASH 000000f4 0000f4 0000d8 04 A 2 0 4 [ 2] .dynsym DYNSYM 000001cc 0001cc 000230 10 A 3 8 4 [ 3] .dynstr STRTAB 000003fc 0003fc 000186 00 A 0 0 1 [ 4] .gnu.version VERSYM 00000582 000582 000046 02 A 2 0 2 [ 5] .gnu.version_d VERDEF 000005c8 0005c8 0000a4 00 A 3 5 4 [ 6] .rel.dyn REL 0000066c 00066c 0000a8 08 A 2 0 4 [ 7] .rel.plt REL 00000714 000714 000028 08 A 2 8 4 [ 8] .plt PROGBITS 0000073c 00073c 000060 04 AX 0 0 4 [ 9] .text PROGBITS 000007a0 0007a0 011def 00 AX 0 0 16 [10] .rodata PROGBITS 000125a0 0125a0 0025ec 00 A 0 0 32 [11] .eh_frame_hdr PROGBITS 00014b8c 014b8c 00005c 00 A 0 0 4 [12] .eh_frame PROGBITS 00014be8 014be8 00015c 00 A 0 0 4 [13] .data.rel.ro PROGBITS 00016c80 015c80 000274 00 WA 0 0 32 [14] .dynamic DYNAMIC 00016ef4 015ef4 0000c0 08 WA 3 0 4 [15] .got PROGBITS 00016fb4 015fb4 00002c 04 WA 0 0 4 [16] .data PROGBITS 00017000 016000 00043c 00 WA 0 0 32 [17] .bss NOBITS 00017440 01643c 0000b4 00 WA 0 0 8 [18] .comment PROGBITS 00000000 01643c 0007e8 00 0 0 1 [19] .symtab SYMTAB 00000000 016c24 002c00 10 20 677 4 [20] .strtab STRTAB 00000000 019824
[21] .gnu_debuglink PROGBITS 00000000 01ad84 000018 00 0 0 4 [22] .shstrtab STRTAB 00000000 01ad9c 0000c3 00 0 0 1Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)

Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x00000000 0x00000000 0x14d44 0x14d44 R E 0x1000
LOAD 0x015c80 0x00016c80 0x00016c80 0x007bc 0x00874 RW 0x1000
DYNAMIC 0x015ef4 0x00016ef4 0x00016ef4 0x000c0 0x000c0 RW 0x4
GNU_EH_FRAME 0x014b8c 0x00014b8c 0x00014b8c 0x0005c 0x0005c R 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
GNU_RELRO 0x015c80 0x00016c80 0x00016c80 0x00380 0x00380 R 0x1

Section to Segment mapping:
Segment Sections...
00 .hash .dynsym .dynstr .gnu.version .gnu.version_d .rel.dyn .rel.plt .p
lt .text .rodata .eh_frame_hdr .eh_frame
01 .data.rel.ro .dynamic .got .data .bss
02 .dynamic
03 .eh_frame_hdr
04
05 .data.rel.ro .dynamic .got

gcc -v
Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.4/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux
Thread model: posix
gcc version 3.4.4 20050721 (Red Hat 3.4.4-2)

first 1 tried compile grsecurity 2.1.6 for 2.6.11.12, compiling success. but after reboot, i got error kernel panic

error log

VFS: cannot open root device "<NULL> or uknown-block(253,0)
Please append a correct "root=" boot option
kernel panic - not syncing: VFS: Unable to mount root fs on uknown-block(253,0)

And one more i tried compile 2.6.13.2 before but got some error on compiling process...i try to download new patches 2.1.7 but url cannot working any more

Thanks,