Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 7 Dec 2016 13:09:09 -0800
From: Kees Cook <>
To: "" <>
Subject: Re: Regarding PaX

On Tue, Dec 6, 2016 at 11:46 PM, manjunatha srinivasan
<> wrote:
> Hi


> I am new to PaX.
> I have plan to port only PaX (i.e mutual exclusive write/execute
> pages) for latest kernel ( for x86_64 architectures. From
> other place I found patch from
> ( from branch
> 'paxonly' for  4.1  kernel. From the commit ID
> 9474667100c85c944a0d71ede82ef85e3ab502dc (123248 lines).
> In other place from, I can see the
>  patch 'grsecurity-3.1-4.8.12-201612062306.patch' .
> I don't' know where to start from these places. Please let me know
> about information on internals i.e. about code implementation and
> related documents of PaX ( i.e. mutual exclusive write/execute
> pages.).

PaX collects a lot of features. It sounds like you're interested only
in the W^X mmap/mprotect/etc feature?

> Also if want to do of porting PaX (i.e mutual exclusive write/execute
> pages) from scratch where can I find internals of it. Is that
> information from is enough idea for kick
> start.
> Please let me know the prerequisite knowledge on Linux subsystem like
> memory management before starting.

I would generally recommend reading the code to understand what's
happening. Other folks on the list may have better pointers for where
to learn about Linux mm, but it's a pretty complex area of the kernel.

For the first step, I'd recommend writing tests that currently fail
against the upstream kernel, then extract the pieces from PaX that
cover the feature you're interested in, and make sure your tests then
pass. From there, cutting up the patches into logically distinct
pieces would be next, which would be followed by upstream review (and
likely a few rounds of adjustments to the patches), and hopefully
finally getting them accept.

> Please let me know any openwall  git repository is  available.

Openwall just hosts this mailing list.

> If you feel this not the correct place of asking, please advice where
> should I post.

This is the right place to discuss development and porting of security
features for the upstream Linux kernel.

Thanks for the interest!


Kees Cook
Nexus Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.