1 |
On 20 May 2007 at 4:32, Matt Poletiek wrote: |
2 |
|
3 |
> Im guessing this might require a toolchain/userland rebuild if |
4 |
> COMPAT_VDSO is the culprit since a recompile-reboot didnt change the |
5 |
> output of paxtest. Can anyone validate this? |
6 |
|
7 |
COMPAT_VDSO is needed only on systems running a rather old glibc |
8 |
(by current terms), gentoo doesn't even have that one in portage |
9 |
anymore iirc. on the other hand you set your PaX control method |
10 |
to come from the ACL system (grsec here) and i guess you haven't |
11 |
set up any policies for the paxtest binaries, so chances are that |
12 |
nothing is enabled on them by default. you can verify the runtime |
13 |
PaX flags in /proc/<pid>/status - if all are lowercase then PaX |
14 |
is effectively disabled for those binaries/processes. |
15 |
|
16 |
-- |
17 |
gentoo-hardened@g.o mailing list |