On 22 Aug 2012 at 1:37, Maxim Kammerer wrote: > On Tue, Aug 21, 2012 at 11:44 PM, Anthony G. Basile > <bas...@opensource.dyc.edu> wrote: > > That sounds about right. I'm not hitting this with tor-ramdisk, a tiny > > ramdisk image for running tor relays, built with latest tor + busybox + > > hardened kernel. I have PAX_SIZE_OVERFLOW off. I didn't even try turning > > it on since its still very experimental.
it's actually getting better, since last week's version the number of false positives should be much reduced. > Perhaps the Kconfig description should be more explicit about the > status of this feature (looking at one in 3.4.7 sources now)? When > upgrading to 3.4 hardened-source series, I suspected that this feature > was rather experimental, but couldn't confirm it even after some > thorough searching, so I figured out (maybe wrongly) that it was a > mature work that grsecurity / PaX finally decided to include in their > patches. did your thorough search include the grsec mailing list archives? if you google '"size_overflow" pax' then it's like the first hit there ;).
