> But, after we drop PT_PAX, this is only *worse* for the people in
> (1.a). That's a much smaller group than /everyone/ who switches to
> hardened.

There seems to be the theoretical possibility of dropping XT_PAX instead
of PT_PAX. The correct work of PAX markings would then not depend on the
file system used. Therefore users with and without capable file systems
could switch to hardened freely, since all the pax-markings would have
been successfully applied to the executables.

I am only a user of Gentoo Hardened (amd64) and do not know why that
option, it seems, would not be a viable path.
Is it because of self-checking binary blobs?
Perhaps it should at least be a valid choice to not drop (legacy?)
PT_PAX markings - just in case you want to use hardened without xattr or
want to upgrade from vanilla.

--
Allan Wegan