| erle- | natty does not seem to have execshield in 32 bit edition | 10:10 |
|---|---|---|
| erle- | does it have a different type of protection? | 10:11 |
| erle- | (i have to get rid of it) | 10:11 |
| ohsix | why do you have to get rid of it? | 10:12 |
| erle- | security experiments | 10:13 |
| ohsix | well you can change the page attributes if you are writing the software; or disable the flag you want in the elf header if you aren't | 10:14 |
| erle- | this means not every program is protected now by default? | 10:15 |
| ohsix | you can boot with noexec=off too | 10:16 |
| erle- | ok, thanks | 10:16 |
| erle- | it's a VM | 10:16 |
| erle- | i will do that | 10:16 |
| ohsix | by default only specialized applications mark pages executable, for code they generate | 10:16 |
| erle- | yes, but with third party software you never know, right? | 10:17 |
| ohsix | well sort of, you can look at its elf header, and you could always use strace to see if it's making mprotect calls | 10:18 |
| erle- | the code i want to execute is placed in an array on stack, and it tells me "illegal instruction" | 10:19 |
| ohsix | i think there's a place in /proc/$pid/ that has the page flags too; so you can just grep it | 10:19 |
| erle- | but i am pretty sure that i have done it rightly | 10:19 |
| erle- | jumping to a random line in code section works perfectly well | 10:19 |
| ohsix | your stack will be marked noexec by default, you need to tell the linker not to, or edit the header with something | 10:20 |
| erle- | i will disable noexec completely on that VM | 10:20 |
| ohsix | most exploits love the ease with which code can be run from the stack :] that's why it's a mitigation | 10:20 |
| erle- | yeah, i totally understand that | 10:25 |
| erle- | i would not disable that on my sacred host system :) | 10:25 |