Re: NSA software in Debian
On Wed, 22 Jan 2014 16:16:21 -0800
Andrew Merenbach <andrew@merenbach.com> wrote:
> I installed the i386 architecture and installed the `paxtest' suite. My results were fairly disappointing, to be honest:
> > $ sudo paxtest blackhat
> > Executable anonymous mapping (mprotect) : Vulnerable
> > Executable bss (mprotect) : Vulnerable
> > Executable data (mprotect) : Vulnerable
> > Executable heap (mprotect) : Vulnerable
> > Executable stack (mprotect) : Vulnerable
> > Executable shared library bss (mprotect) : Vulnerable
> > Executable shared library data (mprotect): Vulnerable
> > Writable text segments : Vulnerable
It's a good idea to configure the kernel (grsec options) before
recompiling. Probably the MPROTECT feature is not enabled in the kernel, or
your CPU doesn't have the NX bit feature.
> A followup there links to the following bug, "linux-2.6: [RFC] Add a grsec featureset to Debian kernels":
>
> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090>
This would of course be the real solution.
--
Education is a process of making people see what is advanced and not
obvious, but also not see what is basic and obvious.
http://markorandjelovic.hopto.org
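
Added example, not part of the original message: a shell check for the two causes suggested above for the "Vulnerable" mprotect results, namely no NX flag on the CPU or MPROTECT not enabled in the kernel config. The function names are hypothetical and the sample files are constructed; CONFIG_PAX and CONFIG_PAX_MPROTECT are the option names used by the grsecurity/PaX patch.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample data is constructed.

# cpu_has_nx FILE: true if the flags line of a cpuinfo-format file lists "nx".
cpu_has_nx() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]nx([[:space:]]|$)' "$1"
}

# config_enabled FILE OPTION: true if the kernel config file has OPTION=y.
config_enabled() {
    grep -qx "$2=y" "$1"
}

# diagnose CPUINFO KCONFIG: print "nx=<yes|no> mprotect=<yes|no>".
diagnose() {
    nx=no; mp=no
    cpu_has_nx "$1" && nx=yes
    # MPROTECT is only counted as enabled when PaX itself is built in.
    config_enabled "$2" CONFIG_PAX && config_enabled "$2" CONFIG_PAX_MPROTECT && mp=yes
    echo "nx=$nx mprotect=$mp"
}

# write_samples DIR: constructed inputs, not taken from the original post.
write_samples() {
    printf 'processor\t: 0\nflags\t\t: fpu vme pae nx lm\n' > "$1/cpuinfo.nx"
    printf 'processor\t: 0\nflags\t\t: fpu vme pae sse2\n' > "$1/cpuinfo.nonx"
    printf 'CONFIG_PAX=y\nCONFIG_PAX_MPROTECT=y\n' > "$1/config.on"
    printf 'CONFIG_PAX=y\n# CONFIG_PAX_MPROTECT is not set\n' > "$1/config.off"
}

# On a real host: diagnose /proc/cpuinfo "/boot/config-$(uname -r)"
```

A result of mprotect=no means the running kernel was built without the option, so the paxtest mprotect lines are expected to read "Vulnerable" until the kernel is reconfigured and rebuilt.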