Don't agree.

If you employ GRsecurity's RBAC, you can use PAX flags, like
"PAX_MPROTECT" on a given subject (binary). Take a look at the example
policy file.

Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962

On Fri, April 10, 2009 18:29, Grant wrote:
>>>> and create executable shell script in that dir:
>>>> mozilla-firefox-bin.postinst
>>>> ---cut---
>>>> #!/bin/bash
>>>> ewarn "Running chpax -m /opt/firefox/firefox-bin to avoid crash on flash!"
>>>> chpax -m /opt/firefox/firefox-bin
>>>> ---cut---
>>>>
>>>
>>> Of course, if you compile firefox instead of using firefox-bin, then file
>>> should be named mozilla-firefox.postinst and you should use there paxctl
>>> instead of chpax.
>>>
>> A simple cron job or slightly-less-simple RBAC policy can do the trick.
>> There's no need to mess with portage, imho.
>
> Thanks for the suggestions everyone. I think this type of persistence
> should be built into portage. Maybe /etc/portage/package.nomprotect.
> Do you agree? Should I file a bug?
>
> - Grant
>