| 1 |
> But, after we drop PT_PAX, this is only *worse* for the people in |
| 2 |
> (1.a). That's a much smaller group than /everyone/ who switches to |
| 3 |
> hardened. |
| 4 |
|
| 5 |
There seems to be the theoretical possibility of dropping XT_PAX instead |
| 6 |
of PT_PAX. The correct work of PAX markings would then not depend on the |
| 7 |
file system used. Therefore users with and without capable file systems |
| 8 |
could switch to hardened freely, since all the pax-markings would have |
| 9 |
been succeessfully applied to the executables. |
| 10 |
|
| 11 |
I am only a user of Gentoo Hardened (amd64) and do not know, why that |
| 12 |
option seems would not be a viable path. |
| 13 |
Is it because of self-checking binary blobs? |
| 14 |
Perhaps, it should be at least a valid choice to not drop (legacy?) |
| 15 |
PT_PAX markings - just in case you want to use hardened without xattr or |
| 16 |
want to upgrade from vanilla. |
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
-- |
| 21 |
Allan Wegan |
Archives