1 |
On Wed, Jul 18, 2007 at 01:22:46AM +0200, Christian Parpart wrote: |
2 |
> Hi all, |
3 |
> |
4 |
> I fear a little in using PaX because when you mark a binary with certain |
5 |
> flags, that are doomed to be destroyed as soon as you upgrade the according |
6 |
> ebuild that installed this binary executable. |
7 |
> |
8 |
> Is there any ideal way to deal such situations or am I missing some point? |
9 |
> |
10 |
|
11 |
You could use the ACL system in grsecurity - that can set arbitrary pax |
12 |
flags on a binary, and is stored in a central location in /etc/grsec. |
13 |
|
14 |
> Thanks in advance, |
15 |
> Christian Parpart. |
16 |
|
17 |
|
18 |
-- |
19 |
gentoo-hardened@g.o mailing list |