On 5 Dec 2008 at 18:21, Javier Martínez wrote:

> Have you said me that I'm obsoleted?, ok, I agreed with you... o:),
> but since I don't use xorg in servers... no problem. You still having
> the other problems I commented.

if you mean the /dev/mem issue, it's been solved to an extent in grsec
for a long time now as it restricts what range in that device you can
actually access - no physical memory for a start, so your trick of patching
anything in kernel memory wouldn't fly. current 2.6 series also try to offer
something like that (CONFIG_STRICT_DEVMEM) but as usual it's somewhat broken.

> One question, somebody knows what made
> xorg incompatible with pax mprotect restrictions in earlier versions?.

it was the so-called elfloader, which was the X module loader supported
and used by most distros back in the day. it handled .o files (ET_REL type
in ELF terms) and performed relocation and symbol resolution itself.

> I put you a link that is newer than the link that Brian Kroth posted
> and still having the incompatibilities on:
> http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml, maybe a
> mistake?

yes, from a quick glance, many of these hardened docs could do with a
little update ;).
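
The ET_REL distinction mentioned in the reply above, as an added example that is not part of the original message or of any X.Org code: a small C check that reads an ELF header and reports whether a file is a relocatable object (the kind a loader has to relocate itself) or something else, such as a shared object. The function names and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* e_type values from the ELF specification. */
enum { ELF_BAD = -1, ELF_ET_REL = 1, ELF_ET_EXEC = 2, ELF_ET_DYN = 3 };

/* Return e_type from an ELF header, or ELF_BAD if buf is not a plausible
 * ELF image. e_type is a 16-bit field at offset 16 in both ELF32 and ELF64;
 * its byte order is given by e_ident[EI_DATA] (offset 5). */
int elf_type(const uint8_t *buf, size_t len)
{
    if (len < 18 || memcmp(buf, "\177ELF", 4) != 0)
        return ELF_BAD;
    if (buf[4] != 1 && buf[4] != 2)   /* EI_CLASS: ELFCLASS32 or ELFCLASS64 */
        return ELF_BAD;
    if (buf[5] == 1)                  /* ELFDATA2LSB: little-endian */
        return buf[16] | (buf[17] << 8);
    if (buf[5] == 2)                  /* ELFDATA2MSB: big-endian */
        return (buf[16] << 8) | buf[17];
    return ELF_BAD;
}

/* Hypothetical helper: 1 if the image is a .o (ET_REL) that its loader must
 * relocate and resolve itself, 0 for anything else. */
int loader_must_relocate(const uint8_t *buf, size_t len)
{
    return elf_type(buf, len) == ELF_ET_REL;
}

/* Constructed sample headers (first 18 bytes), not taken from real files:
 * a 64-bit little-endian .o and a 32-bit big-endian shared object. */
const uint8_t sample_o[18]  = {0x7f,'E','L','F',2,1,1,0, 0,0,0,0,0,0,0,0, 1,0};
const uint8_t sample_so[18] = {0x7f,'E','L','F',1,2,1,0, 0,0,0,0,0,0,0,0, 0,3};

/* Print the sample results, then classify any files named as arguments. */
int main(int argc, char **argv)
{
    uint8_t hdr[18];
    printf("sample_o: %d, sample_so: %d\n", loader_must_relocate(sample_o, 18),
           loader_must_relocate(sample_so, 18));
    for (int i = 1; i < argc; i++) {
        FILE *f = fopen(argv[i], "rb");
        size_t n = f ? fread(hdr, 1, sizeof hdr, f) : 0;
        if (f) fclose(f);
        printf("%s: e_type=%d\n", argv[i], elf_type(hdr, n));
    }
    return 0;
}
```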