erle- | natty does not seem to have execshield in 32 bit edition | 10:10 |
---|---|---|
erle- | does it have a different type of protection? | 10:11 |
erle- | (i have to get rid of it) | 10:11 |
ohsix | why do you have to get rid of it? | 10:12 |
erle- | security experiments | 10:13 |
ohsix | well you can change the page attributes if you are writing the software; or disable the flag you want in the elf header if you aren't | 10:14 |
erle- | this means not every program is protected now by default? | 10:15 |
ohsix | you can boot with noexec=off too | 10:16 |
erle- | ok, thanks | 10:16 |
erle- | it's a VM | 10:16 |
erle- | i will do that | 10:16 |
ohsix | by default only specialized applications mark pages executable, for code they generate | 10:16 |
erle- | yes, but with third party software you never know, right? | 10:17 |
ohsix | well sort of, you can look at its elf header, and you could always use strace to see if it's making mprotect calls | 10:18 |
erle- | the code i want to execute is placed in an array on stack, and it tells me "illegal instruction" | 10:19 |
ohsix | i think there's a place in /proc/$pid/ that has the page flags too; so you can just grep it | 10:19 |
erle- | but i am pretty sure that i have done it rightly | 10:19 |
erle- | jumping to a random line in code section works perfectly well | 10:19 |
ohsix | your stack will be marked noexec by default, you need to tell the linker not to, or edit the header with something | 10:20 |
erle- | i will disable noexec completely on that VM | 10:20 |
ohsix | most exploits love the ease with which code can be run from the stack :] that's why it's a mitigation | 10:20 |
erle- | yeah, i totally understand that | 10:25 |
erle- | i would not disable that on my sacred host system :) | 10:25 |
=== yofel_ is now known as yofel | ||
=== Quintasan_ is now known as Quintasan |