From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <864da2a2f7b512f4b3c8fecfcbf2f144436d5eef.blueness@gentoo> Subject: [gentoo-commits] proj/elfix:paxmark-libs commit in: / X-VCS-Repository: proj/elfix X-VCS-Files: README X-VCS-Directories: / X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: 864da2a2f7b512f4b3c8fecfcbf2f144436d5eef Date: Thu, 8 Sep 2011 23:55:06 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: cae5d28c2f40f2395ddd4baddbe3e67c commit: 864da2a2f7b512f4b3c8fecfcbf2f144436d5eef Author: Anthony G. Basile gentoo org> AuthorDate: Tue Sep 6 09:59:49 2011 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Tue Sep 6 09:59:49 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/elfix.git;a=3D= commit;h=3D864da2a2 README: fixed description --- README | 10 +++++++--- 1 files changed, 7 insertions(+), 3 deletions(-) diff --git a/README b/README index e45f94c..c64feb9 100644 --- a/README +++ b/README @@ -1,11 +1,15 @@ =20 -This is POC to demonstrate the inheritance of -m pax flags when -a binary, which is not marked -m, loads a library which is marked -m. +This is POC to demonstrate the inheritance of MPROTECT PaX flag when +a binary loads a library, either via normal dynamic linking or via dlope= n. +The binary/library are variously marked -M (enabled) or -m (disabled) MP= ROTECT. + +The library contains an RWX mmapping which is forbiddent. The binary ju= st +calls the library. =20 What you need: =20 0. Preferrably do this on the One True Distro, hardened gentoo. - 1. Run a pax enabled kernel with RANDMMAP + 1. Run a pax enabled kernel with PAX_MPROTECT 2. Install sys-apps/paxctl =20 How to use this=20
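Review bot: The second added paragraph of the README hunk calls the library's RWX mmapping forbidden without saying under which marking, and "forbiddent" there is a typo for "forbidden". Since the first paragraph says the binary and library are variously marked -M (enabled) or -m (disabled), say that the mapping is refused only where MPROTECT is in effect. The README would also benefit from listing the expected result for each binary/library marking combination, for both the dynamic-linking case and the dlopen case, so a reader can tell from the output whether the flag was inherited. Smaller wording points in the same hunk: "This is POC" should read "This is a POC", "mmapping" would be clearer as "mmap" or "mapping", and "Preferrably" in the unchanged context line is misspelled. The change in step 1 from RANDMMAP to PAX_MPROTECT matches the new description.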