| 1 |
On 20 May 2007 at 4:32, Matt Poletiek wrote: |
| 2 |
|
| 3 |
> Im guessing this might require a toolchain/userland rebuild if |
| 4 |
> COMPAT_VDSO is the culprit since a recompile-reboot didnt change the |
| 5 |
> output of paxtest. Can anyone validate this? |
| 6 |
|
| 7 |
COMPAT_VDSO is needed only on systems running a rather old glibc |
| 8 |
(by current terms), gentoo doesn't even have that one in portage |
| 9 |
anymore iirc. on the other hand you set your PaX control method |
| 10 |
to come from the ACL system (grsec here) and i guess you haven't |
| 11 |
set up any policies for the paxtest binaries, so chances are that |
| 12 |
nothing is enabled on them by default. you can verify the runtime |
| 13 |
PaX flags in /proc/<pid>/status - if all are lowercase then PaX |
| 14 |
is effectively disabled for those binaries/processes. |
| 15 |
|
| 16 |
-- |
| 17 |
gentoo-hardened@g.o mailing list |
Archives