Re: Need assistance on ASLR + NX

On Mon, May 26, 2008 at 6:30 PM, Mulyadi Santosa
<mulyadi.santosa@xxxxxxxxx> wrote:
> Hi...
>
> On Mon, May 26, 2008 at 3:24 PM, Devendra Durgapal
> <ddlinuxinfo@xxxxxxxxx> wrote:
>> Hi All,
>>
>> Can someone point me to a worthwhile link or doc about ASLR+NX? I basically
>> want to see the working of ASLR and the NX bit
>> on the 2.4 kernel.
>
> To the best of my knowledge, ASLR is only in 2.6. In 2.4, it is provided via
> the grsecurity patches.
>
>

Just found a treasure trove of documents, as requested:

http://pax.grsecurity.net/docs/

performance tests   2005.10.20 23:10 GMT   comprehensive performance impact tests by Pedro Venda
pax.txt             2003.11.29 14:35 GMT   the main document, overall description
noexec.txt          2003.05.01 14:15 GMT   non-executable pages design & implementation
kernexec.txt        2003.04.03 21:25 GMT   non-executable kernel pages design & implementation
kernseal.txt        2003.05.01 14:20 GMT   sealed kernel storage design & implementation
aslr.txt            2003.03.15 21:05 GMT   address space layout randomization
pageexec.txt        2003.03.15 21:05 GMT   paging based non-executable pages
segmexec.txt        2003.05.01 14:00 GMT   segmentation based non-executable pages
mprotect.txt        2003.11.04 19:58 GMT   mmap() and mprotect() restrictions
randustack.txt      2003.02.12 15:50 GMT   userland stack randomization
randkstack.txt      2003.01.24 13:44 GMT   kernel stack randomization
randmmap.txt        2003.01.24 13:44 GMT   mmap() randomization
randexec.txt        2003.02.19 18:50 GMT   non-relocatable executable file randomization
vmmirror.txt        2003.10.06 15:22 GMT   vma mirroring, the core of SEGMEXEC and RANDEXEC
emutramp.txt        2003.05.01 14:00 GMT   gcc nested function and kernel sigreturn trampolines emulation
emusigrt.txt        2003.02.19 18:50 GMT   automatic kernel sigreturn trampoline emulation
pax-future.txt      2003.03.20 01:30 GMT   what the future holds for PaX
pageexec.old.txt    2000.11.16 18:00 GMT   the original design & implementation of PAGEEXEC, badly out of date

>
>> Is there any way by which ASLR and NX can be bypassed? It would be great if
>> you could point me to some exploit PoC for it.
>
> Bypassed in what context? For example, NX can't help against ret-to-libc,
> since NX is usually used to make the stack unexecutable.
>
> About ASLR, usually you do sampling to predict the randomization
> pattern.  In grsecurity, however, randomization is to some degree better.
>
> Check the phrack.org archives for further reading materials.
>
> regards,
>
> Mulyadi.
>
> --
> To unsubscribe from this list: send an email with
> "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
> Please read the FAQ at http://kernelnewbies.org/FAQ
>
>



-- 
Regards,
Peter Teoh
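
The original question asked to see ASLR and NX at work. The following is an added example, not part of the original message and not PaX code: a small C checker that compares two /proc/<pid>/maps snapshots to show which regions moved between runs, and counts mappings that are writable and executable at once. The snapshots, the /tmp/demo path and all addresses are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed /proc/<pid>/maps excerpts for two runs of one program (not real captures). */
static const char *RUN_A =
    "08048000-08049000 r-xp 00000000 08:01 1234 /tmp/demo\n"
    "b7e10000-b7f50000 r-xp 00000000 08:01 5678 /lib/libc.so.6\n"
    "bf9c2000-bf9e3000 rw-p 00000000 00:00 0 [stack]\n";
static const char *RUN_B =
    "08048000-08049000 r-xp 00000000 08:01 1234 /tmp/demo\n"
    "b7d64000-b7ea4000 r-xp 00000000 08:01 5678 /lib/libc.so.6\n"
    "b7fa0000-b7fa1000 rwxp 00000000 00:00 0\n" /* constructed W+X mapping */
    "bfd1a000-bfd3b000 rw-p 00000000 00:00 0 [stack]\n";

/* Find the first line containing `name`; store its start address and permissions. */
static int find_mapping(const char *maps, const char *name, unsigned long *start, char perms[5]) {
    for (const char *line = maps; line && *line; ) {
        const char *eol = strchr(line, '\n'), *hit = strstr(line, name);
        if (hit && (!eol || hit < eol) && sscanf(line, "%lx-%*x %4s", start, perms) == 2)
            return 1;
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}

/* Count mappings that are writable and executable at once (the state NX is meant to avoid). */
static int count_wx(const char *maps) {
    int n = 0;
    for (const char *line = maps; line && *line; ) {
        char p[5];
        const char *eol = strchr(line, '\n');
        n += sscanf(line, "%*x-%*x %4s", p) == 1 && p[1] == 'w' && p[2] == 'x';
        line = eol ? eol + 1 : NULL;
    }
    return n;
}

/* 1 if `name` is mapped at different start addresses in the two snapshots. */
static int moved(const char *a, const char *b, const char *name) {
    unsigned long sa, sb; char pa[5], pb[5];
    return find_mapping(a, name, &sa, pa) && find_mapping(b, name, &sb, pb) && sa != sb;
}

int main(void) {
    printf("stack moved: %d, libc moved: %d, binary moved: %d, W+X mappings in run B: %d\n",
           moved(RUN_A, RUN_B, "[stack]"), moved(RUN_A, RUN_B, "libc"),
           moved(RUN_A, RUN_B, "/tmp/demo"), count_wx(RUN_B));
    return 0;
}
```

On a live system the same functions can be fed the contents of /proc/self/maps read from two separate runs of a program.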
