| 1 |
On Wed, Jul 18, 2007 at 01:22:46AM +0200, Christian Parpart wrote: |
| 2 |
> Hi all, |
| 3 |
> |
| 4 |
> I fear a little in using PaX because when you mark a binary with certain |
| 5 |
> flags, that are doomed to be destroyed as soon as you upgrade the according |
| 6 |
> ebuild that installed this binary executable. |
| 7 |
> |
| 8 |
> Is there any ideal way to deal such situations or am I missing some point? |
| 9 |
> |
| 10 |
|
| 11 |
You could use the ACL system in grsecurity - that can set arbitrary pax |
| 12 |
flags on a binary, and is stored in a central location in /etc/grsec. |
| 13 |
|
| 14 |
> Thanks in advance, |
| 15 |
> Christian Parpart. |
| 16 |
|
| 17 |
|
| 18 |
-- |
| 19 |
gentoo-hardened@g.o mailing list |
Archives