| 1 |
Chris S wrote: |
| 2 |
|
| 3 |
> Chris S wrote: |
| 4 |
> |
| 5 |
>> Thank you for your reply. This makes sense. I guess the problem is |
| 6 |
>> that I need to run .net as a service on an internet visible server. I |
| 7 |
>> do not however want to remove hardened just for the sake of .net |
| 8 |
>> support! |
| 9 |
>> Do you think it is possible to create an entirely seperate chroot |
| 10 |
>> environment on said server, from which to run apache on a |
| 11 |
>> non-standard port, which is non-hardened and has mono support? |
| 12 |
>> |
| 13 |
>> Cheers, |
| 14 |
>> -c |
| 15 |
>> |
| 16 |
> sorry I just realised the stupidity of my sugestion. a chrooted |
| 17 |
> environment will still use the system kernel, which would be hardened. |
| 18 |
> Interestingly enough, however I don't yet have GRSEC enabled in my |
| 19 |
> kernel yet mono fails. I assume there are other hardened options |
| 20 |
> stopping it. |
| 21 |
> |
| 22 |
> Cheers, |
| 23 |
> -c |
| 24 |
> |
| 25 |
Hi, |
| 26 |
Beside grsec in hardened (grsec2&PaX) there is also the PaX-kernel-patch. |
| 27 |
If an app tries to exec data as code, then it's PaX thing. PaX refuses |
| 28 |
to run data as code (if configured). |
| 29 |
Check the logs to see why/who stops the program/s. |
| 30 |
HTH. Rumen |
Archives