
randomize_va_space vs PAX aslr

Posted: Wed Jul 27, 2011 6:32 am
by mohitbansal111
Hi

I have one little query!

As the Linux kernel now also introduces address randomization, what is the status of PaX ASLR?
Do we really need to use PaX ASLR for our Linux kernel (2.6.35), or does randomize_va_space alone satisfy our need?
Also, do both of them work together effectively?

Is the PaX ASLR code available alone (without MPROTECT, NX, etc.)?

-Mohit

Re: randomize_va_space vs PAX aslr

Posted: Wed Jul 27, 2011 7:56 am
by spender
The two don't work the same. For instance, PaX ignores provided mmap hints and applies the randomized layout to such mappings. Vanilla honors the hint. Vanilla also doesn't randomize when prelinking is used: PaX does. The number of bits randomized for each area is also significantly higher with PaX. We also support ASLR on many more architectures than vanilla. We also haven't had the numerous infoleaks against ASLR vanilla has had. We also feature with no configuration the functionality required to deter bruteforcing against ASLR locally and remotely.

-Brad

Re: randomize_va_space vs PAX aslr

Posted: Wed Jul 27, 2011 8:32 am
by mohitbansal111
Thanks for your reply!
Is there any document which describes the functional flow of PaX in the Linux kernel?
Also, I need only ASLR for my project. Is it possible?

-Mohit

Re: randomize_va_space vs PAX aslr

Posted: Wed Jul 27, 2011 8:36 am
by spender
There is no ASLR-only patch. The only documentation for it exists at http://pax.grsecurity.net/docs/aslr.txt

-Brad

Re: randomize_va_space vs PAX aslr

Posted: Wed Jul 27, 2011 1:08 pm
by mohitbansal111
I already went through that, but this document is very old :cry:
A lot of changes have been made in the Linux kernel since that document...
It does not match today's Linux kernel code :-?

Re: randomize_va_space vs PAX aslr

Posted: Thu Jul 28, 2011 11:18 am
by mohitbansal111
Yet another query :o

In file fs/binfmt_elf.c, function randomize_stack_top has:

#ifdef CONFIG_PAX_RANDUSTACK
	if (randomize_va_space)
		return stack_top - current->mm->delta_stack;
#endif

Does this code mean that PaX ASLR and randomize_va_space work together, as this code is executed when randomize_va_space > 0, or am I thinking wrong?

-Mohit

Re: randomize_va_space vs PAX aslr

Posted: Thu Jul 28, 2011 12:58 pm
by spender
It means PaX's ASLR honors the randomize_va_space sysctl setting (at least in the on/off sense).

-Brad
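
Added example (not part of the thread, and not PaX or kernel code): a small C probe for two behaviours mentioned in the replies above, whether the running kernel honors an mmap address hint and what the randomize_va_space sysctl is set to. The function names are made up for this example; it assumes a Linux system with /proc mounted.

```c
/* Added example, not PaX or kernel code: checks whether the running
 * kernel honors an mmap address hint and reads randomize_va_space. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <sys/mman.h>

/* Sysctl value (0, 1 or 2 on vanilla kernels), or -1 if unreadable. */
int read_randomize_va_space(void)
{
    int v = -1;
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%d", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Reserve a hole of 3*len bytes, release it, then request len bytes with
 * the MIDDLE of the hole as a hint (no MAP_FIXED). Default placement,
 * top-down or bottom-up, would normally pick an edge of the hole, so
 * landing exactly on the hint indicates the hint was used.
 * Returns 1 = hint honored, 0 = placed elsewhere, -1 = mmap failed. */
int mmap_hint_honored(size_t len)
{
    const int prot = PROT_READ | PROT_WRITE;
    const int flags = MAP_PRIVATE | MAP_ANONYMOUS;
    char *hole = mmap(NULL, 3 * len, prot, flags, -1, 0);
    if (hole == MAP_FAILED)
        return -1;
    munmap(hole, 3 * len);
    char *hint = hole + len;       /* page-aligned if len is */
    char *got = mmap(hint, len, prot, flags, -1, 0);
    if (got == MAP_FAILED)
        return -1;
    munmap(got, len);
    return got == hint;
}

int main(void)
{
    printf("randomize_va_space = %d\n", read_randomize_va_space());
    printf("mmap hint honored  = %d\n", mmap_hint_honored(1 << 16));
    return 0;
}
```

Going by the reply above, a vanilla kernel is expected to report the hint as honored, while a kernel that applies its randomized layout to hinted mappings is expected to report 0.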