| 1 |
On 5 Dec 2008 at 18:21, Javier Martínez wrote: |
| 2 |
|
| 3 |
> Have you said me that I'm obsoleted?, ok, I agreed with you... o:), |
| 4 |
> but since I don't use xorg in servers... no problem. You still having |
| 5 |
> the other problems I commented. |
| 6 |
|
| 7 |
if you mean the /dev/mem issue, it's been solved to an extent in grsec |
| 8 |
for a long time now as it restricts what range in that device you can |
| 9 |
actually access - no physical memory for a start, so your trick of patching |
| 10 |
anything in kernel memory wouldn't fly. current 2.6 series also try to offer |
| 11 |
something like that (CONFIG_STRICT_DEVMEM) but as usual it's somewhat broken. |
| 12 |
|
| 13 |
> One question, somebody knows what made |
| 14 |
> xorg incompatible with pax mprotect restrictions in earlier versions?. |
| 15 |
|
| 16 |
it was the so-called elfloader, which was the X module loader supported |
| 17 |
and used by most distros back in the day. it handled .o files (ET_REL type |
| 18 |
in ELF terms) and performed relocation and symbol resolution itself. |
| 19 |
|
| 20 |
> I put you a link that is newer than the link that Brian Kroth posted |
| 21 |
> and still having the incompatibilities on: |
| 22 |
> http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml, maybe a |
| 23 |
> mistake? |
| 24 |
|
| 25 |
yes, from a quick glance, many of these hardened docs could do with a |
| 26 |
little update ;). |
Archives