| 1 |
On 30 May 2005 at 15:13, Chris S wrote: |
| 2 |
|
| 3 |
[...] |
| 4 |
> Thank you for your reply. This makes sense. I guess the problem is that |
| 5 |
> I need to run .net as a service on an internet visible server. I do not |
| 6 |
> however want to remove hardened just for the sake of .net support! |
| 7 |
> Do you think it is possible to create an entirely seperate chroot |
| 8 |
> environment on said server, from which to run apache on a non-standard |
| 9 |
> port, which is non-hardened and has mono support? |
| 10 |
|
| 11 |
what matters for letting mono run under PaX is that you have to exempt |
| 12 |
it for runtime code generation. i don't know how apache/mono interact, |
| 13 |
but you'll see it from the PaX kill logs and you'll have to paxctl -m |
| 14 |
the affected process. |
| 15 |
|
| 16 |
if it's apache itself (e.g., it uses mono as some module vs. running |
| 17 |
mono as a separate process) then you're best off by having two apache |
| 18 |
binaries, one you should use for serving normal web content and run |
| 19 |
it with full PaX protections, and the other for serving mono stuff |
| 20 |
and have it exempted. in any case, you'll have to exempt the mono |
| 21 |
executable itself since it generates code at runtime. |
| 22 |
|
| 23 |
-- |
| 24 |
gentoo-hardened@g.o mailing list |
Archives