[gentoo-hardened] mprotect question

2011-07-14 Thread Markus Oehme
Hi, I successfully switched to hardened profile during the last week and it was quite painless. I think I can hand out some praise for the great work done on Gentoo Hardened. :) Just one thing puzzles me a bit. I activated pax in hardened sources and this resulted in quite some segfaulting proces

Re: [gentoo-hardened] mprotect question

2011-07-14 Thread Anthony G. Basile
Hi Markus, It looks like you missed something in the process. The steps to converting are (skipping details): 1) switch profile 2) recompile the toolchain: emerge glibc gcc binutils 3) recompile system: emerge -e system 4) recompile world: emerge -e world If you didn't do these, its possible yo

Re: [gentoo-hardened] mprotect question

2011-07-14 Thread Javier Juan Martínez Cabezón
This things usually happen when changes are put into the CFLAGS-CXXFLAGS directly in make.conf instead of using the specs (profile), without mprotect, pax does nothing, ASLR is not functional since is not needed an return into libc to get an exploit working since PAGEEXEC/SEGMEXEC is not usefu

Re: [gentoo-hardened] mprotect question

2011-07-14 Thread Markus Oehme
Hi Anthony, At Thu, 14 Jul 2011 09:41:48 -0400, Anthony G. Basile wrote: > It looks like you missed something in the process. The steps to > converting are (skipping details): > > 1) switch profile > 2) recompile the toolchain: emerge glibc gcc binutils > 3) recompile system: emerge -e system >

[gentoo-hardened] Log from meeting 2011-07-13 20:00 UTC

2011-07-14 Thread Magnus Granberg
Hi Here is the log from the meeting we did have on 2011-07-13 20:00UTC /Magnus (Zorry)[22:17:46] 1.0 Hardened use flag [22:18:11] shall i start? [22:18:15] do it [22:18:37] okay the issue of what the meaning of the "hardened" use flag came up [22:18:56] in the tree, the use flag is 90% meani

Re: [gentoo-hardened] mprotect question

2011-07-14 Thread Matthew Summers
On Thu, Jul 14, 2011 at 10:29 AM, Markus Oehme wrote: > Hi Anthony, > > At Thu, 14 Jul 2011 09:41:48 -0400, > Anthony G. Basile wrote: >> It looks like you missed something in the process.  The steps to >> converting are (skipping details): >> >> 1) switch profile >> 2) recompile the toolchain: em

Re: [gentoo-hardened] mprotect question

2011-07-14 Thread Matthew Summers
On Thu, Jul 14, 2011 at 8:41 AM, Anthony G. Basile wrote: > Hi Markus, > > It looks like you missed something in the process.  The steps to > converting are (skipping details): > > 1) switch profile > 2) recompile the toolchain: emerge glibc gcc binutils > 3) recompile system: emerge -e system > 4