Homepage of The PaX Team

PaX TuX by moolok
PaX TuX by moolok
This page hosts various documentation and source code for PaX.

file last update comment
docs 2013.10.02 04:41 GMT H2HC 2013 invited presentation. H2HC 2012 invited presentation. LATINOWARE 2012 invited presentation. SSTIC 2012 keynote. design & implementation of PaX. performance impact tests by Pedro Venda.
linux 2.2.26 2007.08.10 17:55 GMT backport from 2.4 with all features, but only i386 is known to work, other architectures may not even compile - feedback is welcome.
NOTE: all versions for 2.2 before 2005.03.05 have a privilege elevation bug, you must update as soon as possible.
linux 2.4.37 2008.12.27 19:00 GMT new configuration system supporting soft mode and sysctl and a new (and hopefully final) location for the PaX control flags, you'll need the binutils patch and paxctl to make use of it.
NOTE: all versions for 2.4 before 2005.03.05 have a privilege elevation bug, you must update as soon as possible.
linux 2.6.32.59
linux 3.2.30
linux 3.6
2012.10.02 21:00 GMT
2012.10.02 21:00 GMT
2012.10.02 21:00 GMT
forward port from 2.4 with some extra features, but only x86 is known to work, other architectures may not even compile - feedback is welcome. much like 2.6 itself, PaX for 2.6 is experimental, anything can break.
NOTE: all versions for 2.6 before 2005.03.05 have a privilege elevation bug, you must update as soon as possible.
NOTE: all versions for 2.6 before 2004.05.01 have a local kernel denial of service bug, thanks to ChrisR for bringing it to our attention.
binutils 2.16 2005.06.10 22:35 GMT adds PT_PAX_FLAGS program header support to binutils/ld, the old ELF header marking scheme (EI_PAX) has been deprecated. note that this binutils also has support for -z relro and -z now, their use is highly encouraged. Special thanks to Robert Connolly/HLFS and the Gentoo folks for fixing the testsuites.
NOTE: this version of binutils is known to produce incorrect 2.6 PaX kernels, you should use binutils 2.18 or newer.
binutils 2.17 2006.07.01 21:30 GMT adds PT_PAX_FLAGS program header support to binutils/ld, the old ELF header marking scheme (EI_PAX) has been deprecated. note that this binutils also has support for -z relro and -z now, their use is highly encouraged. Special thanks to Robert Connolly/HLFS for fixing some of the testsuites.
NOTE: this version of binutils is known to produce incorrect 2.6 PaX kernels, you should use binutils 2.18 or newer.
binutils 2.18 2008.03.31 14:45 GMT adds PT_PAX_FLAGS program header support to binutils/ld, the old ELF header marking scheme (EI_PAX) has been deprecated. note that this binutils also has support for -z relro and -z now, their use is highly encouraged. Special thanks to Robert Connolly/HLFS for fixing some of the testsuites.
binutils 2.19 2008.11.04 18:10 GMT adds PT_PAX_FLAGS program header support to binutils/ld, the old ELF header marking scheme (EI_PAX) has been deprecated. note that this binutils also has support for -z relro and -z now, their use is highly encouraged.
pax-utils 2006.05.05 19:30 GMT useful tools for PaX and in general, ELF sanity checking (text relocations, GNU_STACK marking, etc), brought to you by the Hardened Gentoo folks.
paxctl v0.7 2012.04.03 22:50 GMT new PaX control program when you use the PT_PAX_FLAGS marking available in PaX patches after 2004.02.04 (highly recommended). supports alpha, i386, ia64, mips, mips64, parisc, ppc, ppc64, sparc, sparc64 and x86_64.
chpax v0.7 2004.06.22 20:00 GMT obsolete version, use it for PaX patches released after 2003.02.03 or if you want to use the EI_PAX marking in PaX patches released after 2004.02.04. supports alpha, i386, ia64, mips, mips64, parisc, ppc, ppc64, sparc, sparc64 and x86_64.
chpax.old.c 2002.12.31 18:35 GMT obsolete version, use it for PaX patches released before 2003.02.03.
chpax.sh chpax.cfg 2002.12.12 21:35 GMT this script and its sample configuration contributed by Markus Gutschke allow one to keep chpax flags up-to-date when files change.
et_dyn.tar.gz 2003.08.10 23:55 GMT documentation and example on how to create dynamic ELF executables, this is needed to achieve full address space layout randomization.
paxtest v0.9.5 2003.11.04 21:45 GMT PaX regression test suite developed by Peter Busser for Adamantix.
paxtest v0.9.7-pre4 2005.06.10 22:45 GMT PaX regression test suite developed by Peter Busser for Adamantix. This test version attempts to add some support for the BSDs and also a unified makefile (Makefile.psm), feedback is welcome.

Share and enjoy,
The PaX Team

Various links
test versions of PaX may show up in here, feel free to give them a try and report back issues.
the first independent Windows NT/2000/XP implementation by SecureWave (broken link)
the second independent Windows NT/2000/XP implementation by Data Security Software (broken link)
the third independent Windows NT/2000/XP implementation by Sys-Manage A. Denter e.K.
the fourth independent Windows NT/2000/XP implementation by Next Generation Security Technologies (link down)
Microsoft, albeit four years late and relying on special CPU support, puts PAGEEXEC into Windows
ASLR for Windows NT/2000/XP by Wehnus, Inc. (source code)
Microsoft, albeit 5 years late, puts ASLR into Windows
PaX is part of grsecurity
PaX is part of Adamantix (Trusted Debian) (link down)
PaX (grsecurity) is part of Hardened Gentoo
PaX features are part of OpenBSD (MagicPoint presentation)
non-executable stack pages based on the segmentation logic implemented by the Openwall Project
non-executable stack and heap pages based on the segmentation logic implemented in RSX (link down)
non-executable stack and heap pages based on the segmentation logic implemented in kNoX
non-executable stack and heap pages based on the segmentation logic implemented in Exec Shield