PaX demo results, logs, reproduction data
-----BEGIN PGP SIGNED MESSAGE-----
I have completed an in-house test of a PaX demonstration. The demo
includes the PaX patch; a patch I made to suppliment PaX with boot-time
selection of NX mode; a script `pax-flags` to mark binaries with
chpax/paxctl and execstack (to turn the executable stack bit,
PT_GNU_STACK, off); and a configuration script for pax-flags.
The process I followed was a three-phase process which involved 1)
running an unadultered Debian base on a non-PaX-patched 2.6.7 kernel
(kernel-sources-2.6.7-1); 2) Switching to a PaX-patched version and
demonstrating breakage, then demonstrating how flagging effectively
works around (and thus mutes) the incompatibilities; and 3) returning to
the same kernel used in (1) and running the marked binaries to show that
they are unaffected.
A full explaination is in the file:
The directory listing of
contains the patches used; the logs of the three-phase test (large
amounts of output, you really have to search for my input prompts); the
pax-flags script (an ugly script at that); and a pax.conf for pax-flags
It is interesting to note that I messed up in the middle of phase 2, and
had to actually track down what was triggering wine; I was pretty sure
already, but wanted to test out just -m on it anyway, so took the
chance. This process took less than two minutes for me to complete.
Wine is a special case, and needs the -x flag because of the preloader.
~ This was not tracked down during the above noted flagging miss; I added
that at the end when I remembered the docs I read about the preloader.
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitely stated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----