How to start pax?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

How to start pax?

Postby bollin » Sun Aug 15, 2004 3:51 pm

Hello,

I have applied the kernel patch for a vanilla kernel 2.6.7 on my Debian system and enabled the pax and grsecurity options. After rebooting paxtest still tells me that my system is vulnerable. What do i have to do to enable pax?

Best Regards,
Torsten
bollin
 
Posts: 2
Joined: Sun Aug 15, 2004 3:47 pm

Re: How to start pax?

Postby PaX Team » Mon Aug 16, 2004 3:48 am

bollin wrote:I have applied the kernel patch for a vanilla kernel 2.6.7 on my Debian system and enabled the pax and grsecurity options. After rebooting paxtest still tells me that my system is vulnerable. What do i have to do to enable pax?
you didn't post the specific options you enabled, but i take a wild guess and say that you chose the PT_PAX_FLAGS marking while your toolchain (binutils/ld) doesn't provide it and you didn't enable the legacy EI_PAX marking support. either read the kernel config help or search the forum for more info. if it's something else, then please post more details (kernel .config bits, readelf -e output on paxtest binaries, etc).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: How to start pax?

Postby bollin » Mon Aug 16, 2004 1:59 pm

PaX Team wrote:you didn't post the specific options you enabled, but i take a wild guess and say that you chose the PT_PAX_FLAGS marking while your toolchain (binutils/ld) doesn't provide it and you didn't enable the legacy EI_PAX marking support.


PT_PAX_FLAGS was missing. Unfortunately my system does not boot now. First it failed during starting hotplug. After disabling pax on /bin/bash it fails somewhere else during the boot phase. :-(

Thanks for helping,
Torsten
bollin
 
Posts: 2
Joined: Sun Aug 15, 2004 3:47 pm

Re: How to start pax?

Postby PaX Team » Mon Aug 16, 2004 5:24 pm

bollin wrote:PT_PAX_FLAGS was missing. Unfortunately my system does not boot now. First it failed during starting hotplug. After disabling pax on /bin/bash it fails somewhere else during the boot phase. :-(
as a debian user you'll also need a fixed glibc, probably the best is to use the one with spender's security fixes, details are in the 2.0.1 release announcement: http://grsecurity.net/pipermail/grsecurity/2004-August/000024.html
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity support