Hi,
I have the following situation: I run a mostly out-of-the-box debian woody
with the usual standard packages installed. I have installed the patched
binutils to add the PT_PAX_FLAGS-header to programs compiled by myself.
Now i want to run GRSecurity in safe mode, only enabling the PAX features
for testet binaries. However, I can not do this for the standard debian
binaries, because PT_PAX_FLAGS is missing.
Is there an easy way to add the PT_PAX_FLAGS-header to ELF-binaries
without having to recompile/relink them (eg. via ELFsh or a similar tool)?
This is something I would really like to perform a seamless transition to
a grsecurity-hardened system...
Thanks for your attention,
Pkunk
Add PT_PAX_FLAGS to existing binary (ELFsh) ?
2 posts
• Page 1 of 1
Add PT_PAX_FLAGS to existing binary (ELFsh) ?
by pkunk » Mon Oct 18, 2004 8:10 am
- pkunk
- Posts: 3
- Joined: Mon May 24, 2004 1:12 am
Re: Add PT_PAX_FLAGS to existing binary (ELFsh) ?
by PaX Team » Wed Oct 20, 2004 1:11 pm
unfortunately adding a new program header is not easy, even with helper tools like ELFsh. it would be easy however to convert an existing program header to PT_PAX_FLAGS, provided your binaries have something that you can 'recycle' this way (e.g., PT_GNU_STACK or maybe PT_NOTE). i think execstack from the prelink package does it for its own purposes, take a look at that code.pkunk wrote:Now i want to run GRSecurity in safe mode, only enabling the PAX features for testet binaries. However, I can not do this for the standard debian binaries, because PT_PAX_FLAGS is missing.
Is there an easy way to add the PT_PAX_FLAGS-header to ELF-binaries
without having to recompile/relink them (eg. via ELFsh or a similar tool)?
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
2 posts
• Page 1 of 1