ATTN SPENDER/PAX TEAM: PaX + sparc64

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

ATTN SPENDER/PAX TEAM: PaX + sparc64

Postby mikecc » Sat Aug 14, 2004 12:24 pm

I have been complaining to spender over and over why no 64bit binaries worked on my SPARC64 machine, well I figured it out:

mike@faders:~$ gcc test.c -o test -m64
mike@faders:~$ ./test
Segmentation fault
mike@faders:~$ /sbin/chpax -pmxrs test
mike@faders:~$ ./test
hello world
mike@faders:~$

So basically, whats up with PaX and sparc64? I did a chpax on my gradm binary, and that works beautifully, so I am happy as can be.

Mike
mikecc
 
Posts: 4
Joined: Wed Dec 10, 2003 11:58 pm

Re: ATTN SPENDER/PAX TEAM: PaX + sparc64

Postby PaX Team » Sat Aug 14, 2004 2:10 pm

mikecc wrote:I have been complaining to spender over and over why no 64bit binaries worked on my SPARC64 machine, well I figured it out:
the answer is simple: more than a year ago when i was working on the sparc port, i couldn't figure out how to create 64 bit apps, so EMUPLT didn't really get tested. apparently things have improved a bit since although i still can't get gdb to debug 64 bit coredumps... anyway, in the meantime you can disable MPROTECT and apps will work.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

no way

Postby mikecc » Sun Aug 15, 2004 12:50 pm

no way, disabling mprotect will take away some of the securities pax/grsecurity gives me, correct? this is the only 64bit app I use (gradm), and using chpax on it makes it work, so im happy.
mikecc
 
Posts: 4
Joined: Wed Dec 10, 2003 11:58 pm

Re: no way

Postby PaX Team » Mon Aug 16, 2004 3:58 am

mikecc wrote:no way, disabling mprotect will take away some of the securities pax/grsecurity gives me, correct?
well, i meant to disable MPROTECT on your 64 bit apps only, not in general, and yes, MPROTECT is the one feature that gives the PaX guarantees but you're already using a platform that needs PLT emulation which is bad for both performance and security.
this is the only 64bit app I use (gradm), and using chpax on it makes it work, so im happy.
why do you need gradm to be a 64 bit app?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

well

Postby mikecc » Tue Aug 17, 2004 1:30 am

im runninga 64bit kernel, on a 64bit arch. so spender says when im running a 64bit arch, it will build a 64bit binary of gradm, so in essence, i need to chpax it for it to work. so far ACLs have been running fantastic on my machine and im loving it.
mikecc
 
Posts: 4
Joined: Wed Dec 10, 2003 11:58 pm


Return to grsecurity support