[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Grsec/PaX and Exec-shield

On Tue, 4 Nov 2003 spender@grsecurity.net wrote:

> [...] Are you so certain that Exec-shield stops execution in shared
> library bss/data? [...]

no, it doesnt, this is the main (and pretty much only) substantial
difference between exec-shield and PaX. Exec-shield will stop execution in
ET_EXEC binary's bss/data but it will not stop code injection into library
bss/data. Here is the 'protection matrix' of all the overflowable and
shellcodable virtual memory areas:

                                stock         exec-shield     PaX
  environment/argv/aux          no            yes             yes
  stack                         no            yes             yes
  anon mmaps                    no            yes             yes
  malloc()                      no            yes             yes
  binary bss/data               no            yes             yes
  lib bss/data                  no            no              yes

> [...] So I wonder what happens when someone tries to run tuxracer on a
> system that doesn't use PT_GNU_STACK?  Will Exec-shield then break
> "binary compatibility" without the presence of its self-made "standard"?

what do you mean? tuxracer runs just fine here.

If you mean exec-shield=2 then it is 'forcing' exec-shield and is only
recommended for testing purposes. Running exec-shield=1 on a system with
or without PT_GNU_STACK sections will result in a working system.  
PT_GNU_STACK itself influences nothing. Note that the Fedora kernel
defaults to exec-shield=1.

PT_GNU_STACK is a way to _automatically_ tag binaries/libraries whether
they need the stack to be executable or not. So instead of putting the
burden of 'chpax-ing broken applications' on the administrator or
distribution maker (and third party developers, and the scientific
community, and ...), this method tracks executability requirements
automatically. So you'll get a non-executable stack in like 99% of the
cases. It would be great if Debian adopted the PT_GNU_STACK changes too,
they can push the concept of non-executable stacks into the mainstream.


Reply to: