1 |
Chris S wrote: |
2 |
|
3 |
> Chris S wrote: |
4 |
> |
5 |
>> Thank you for your reply. This makes sense. I guess the problem is |
6 |
>> that I need to run .net as a service on an internet visible server. I |
7 |
>> do not however want to remove hardened just for the sake of .net |
8 |
>> support! |
9 |
>> Do you think it is possible to create an entirely seperate chroot |
10 |
>> environment on said server, from which to run apache on a |
11 |
>> non-standard port, which is non-hardened and has mono support? |
12 |
>> |
13 |
>> Cheers, |
14 |
>> -c |
15 |
>> |
16 |
> sorry I just realised the stupidity of my sugestion. a chrooted |
17 |
> environment will still use the system kernel, which would be hardened. |
18 |
> Interestingly enough, however I don't yet have GRSEC enabled in my |
19 |
> kernel yet mono fails. I assume there are other hardened options |
20 |
> stopping it. |
21 |
> |
22 |
> Cheers, |
23 |
> -c |
24 |
> |
25 |
Hi, |
26 |
Beside grsec in hardened (grsec2&PaX) there is also the PaX-kernel-patch. |
27 |
If an app tries to exec data as code, then it's PaX thing. PaX refuses |
28 |
to run data as code (if configured). |
29 |
Check the logs to see why/who stops the program/s. |
30 |
HTH. Rumen |