Gentoo Archives: gentoo-hardened

From:	Pavel Labushev <p.labushev@×××××.com>
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] persistent paxctl -m?
Date:	Fri, 10 Apr 2009 03:36:05
Message-Id:	`49DEBE88.7010407@gmail.com`
In Reply to:	Re: [gentoo-hardened] persistent paxctl -m? by Alex Efros

1	Alex Efros ?????:
2	> Hi!
3	>
4	> On Thu, Apr 09, 2009 at 07:14:11PM +0300, Alex Efros wrote:
5	>
6	>> and create executable shell script in that dir: mozilla-firefox-bin.postinst
7	>> ---cut---
8	>> #!/bin/bash
9	>> ewarn "Running chpax -m /opt/firefox/firefox-bin to avoid crash on flash!"
10	>> chpax -m /opt/firefox/firefox-bin
11	>> ---cut---
12	>>
13	>
14	> Of course, if you compile firefox instead of using firefox-bin, then file
15	> should be named mozilla-firefox.postinst and you should use there paxctl
16	> instead of chpax.
17	>
18	A simple cron job or slightly-less-simple RBAC policy can do the trick.
19	There's no need to mess with portage, imho.

Subject	Author
Re: [gentoo-hardened] persistent paxctl -m?	Grant <emailgrant@×××××.com>
Re: [gentoo-hardened] persistent paxctl -m?	Alex Efros <powerman@××××××××××××××××××.com>