From: | lnxg33k <lnxg33k@×××××.com> | ||
---|---|---|---|
To: | gentoo-hardened@l.g.o | ||
Subject: | Re: [gentoo-hardened] My first hardened install | ||
Date: | Sun, 20 May 2007 05:55:10 | ||
Message-Id: | 464FE23D.5060003@gmail.com | ||
In Reply to: | [gentoo-hardened] My first hardened install by Matt Poletiek |
1 | Matt Poletiek wrote: |
2 | > However, this time (on the dual p3 system) paxtest is still able to do a |
3 | > lot.... |
4 | <snip> |
5 | > # Sysctl support |
6 | > # |
7 | > CONFIG_GRKERNSEC_SYSCTL=y |
8 | > CONFIG_GRKERNSEC_SYSCTL_ON=y |
9 | |
10 | I believe this is the problem here. sysctl is used to modify the kernel so by |
11 | enabling its usage, one can essentially have their way. If you disable sysctl |
12 | support, it will probably fix most of those vulnerabilities. |
13 | -- |
14 | gentoo-hardened@g.o mailing list |
Subject | Author |
---|---|
Re: [gentoo-hardened] My first hardened install | Matt Poletiek <chill550@×××××.com> |
Re: [gentoo-hardened] My first hardened install | Andrew Ross <aross@g.o> |