Talk:Hardened/PaX Quickstart

Kernel configuration in Kernel configuration for PT_PAX includes these settings:

   Non-executable page ->
 
[*] Enforce non-executable pages
[*]   Paging based non-executable pages
[*]   Segmentation based non-executable pages               <--- Not available on amd64.
[*] Emulate trampolines                                     <--- CRITICAL for python
[*] Restrict mprotect()
[ ]   Use legacy/compat protection demoting (read help)
[ ]   Allow ELF text relocations (read help)
[*] Enforce non-executable kernel pages
    Return Address Instrumentation Method (or)  --->        <--- Not available on x86.
    (4) Minimum amount of memory reserved for module code   <--- Not available on amd64.
 
   Address Space Layout Randomization ->
 
[*] Address Space Layout Randomization
[*] Randomize kernel stack base
[*] Randomize user stack base
[*] Randomize mmap() base
 
   Miscellaneous hardening features  --->
 
[*] Sanitize all freed memory
[*] Sanitize kernel stack
[*] Prevent invalid userland pointer dereference
[*] Prevent various kernel object reference counter overflows
[*] Harden heap object copies between kernel and userland
[*] Prevent various integer overflows in function size parameters
[*] Generate some entropy during boot

I guess these are not just for PT_PAX but for XATTR_PAX also. Could you please separate these blocks?

— The preceding unsigned comment was added by Stan31337 (talk • contribs)

This is no longer fitting as of kernel sources 4.4.8-hardened-r1.

However I don't know how/if this set any longer or in some other

place, as the config value entirely disappeared.

KERNEL Automatic selection of EXT4_FS_XATTR by XATTR_PAX_FLAGS
File systems  --->
 <*> The Extended 4 (ext4) filesystem
 -*-   Ext4 extended attributes

ng0 (talk) 15:51, 1 June 2016 (UTC)