Archives
Archives
| From: | lnxg33k <lnxg33k@×××××.com> | ||
|---|---|---|---|
| To: | gentoo-hardened@l.g.o | ||
| Subject: | Re: [gentoo-hardened] My first hardened install | ||
| Date: | Sun, 20 May 2007 05:55:10 | ||
| Message-Id: | 464FE23D.5060003@gmail.com | ||
| In Reply to: | [gentoo-hardened] My first hardened install by Matt Poletiek |
||
| 1 | Matt Poletiek wrote: |
| 2 | > However, this time (on the dual p3 system) paxtest is still able to do a |
| 3 | > lot.... |
| 4 | <snip> |
| 5 | > # Sysctl support |
| 6 | > # |
| 7 | > CONFIG_GRKERNSEC_SYSCTL=y |
| 8 | > CONFIG_GRKERNSEC_SYSCTL_ON=y |
| 9 | |
| 10 | I believe this is the problem here. sysctl is used to modify the kernel so by |
| 11 | enabling its usage, one can essentially have their way. If you disable sysctl |
| 12 | support, it will probably fix most of those vulnerabilities. |
| 13 | -- |
| 14 | gentoo-hardened@g.o mailing list |
| Subject | Author |
|---|---|
| Re: [gentoo-hardened] My first hardened install | Matt Poletiek <chill550@×××××.com> |
| Re: [gentoo-hardened] My first hardened install | Andrew Ross <aross@g.o> |