[10:10] <erle-> natty does not seem to have execshield in 32 bit edition
[10:11] <erle-> does it have a different type of protection?
[10:11] <erle-> (i have to get rid of it)
[10:12] <ohsix> why do you have to get rid of it?
[10:13] <erle-> security experiments
[10:14] <ohsix> well you can change the page attributes if you are writing the software; or disable the flag you want in the elf header if you aren't
[10:15] <erle-> this means not every program is protected now by default?
[10:16] <ohsix> you can boot with noexec=off too
[10:16] <erle-> ok, thanks
[10:16] <erle-> it's a VM
[10:16] <erle-> i will do that
[10:16] <ohsix> by default only specialized applications mark pages executable, for code they generate
[10:17] <erle-> yes, but with third party software you never know, right?
[10:18] <ohsix> well sort of, you can look at its elf header, and you could always use strace to see if it's making mprotect calls
[10:19] <erle-> the code i want to execute is placed in an array on stack, and it tells me "illegal instruction"
[10:19] <ohsix> i think there's a place in /proc/$pid/ that has the page flags too; so you can just grep it
[10:19] <erle-> but i am pretty sure that i have done it rightly
[10:19] <erle-> jumping to a random line in code section works perfectly well
[10:20] <ohsix> your stack will be marked noexec by default, you need to tell the linker not to, or edit the header with something
[10:20] <erle-> i will disable noexec completely on that VM
[10:20] <ohsix> most exploits love the ease at which code can be run from the stack :] that's why it's a mitigation
[10:25] <erle-> yeah, i totally understand that
[10:25] <erle-> i would not disable that on my sacred host system :)