| 1 |
What do I lose by disabling it? If I am reading this correctly all the |
| 2 |
grsec features will be on by default if sysctl support is disabled? |
| 3 |
|
| 4 |
On 5/19/07, lnxg33k <lnxg33k@×××××.com> wrote: |
| 5 |
> Matt Poletiek wrote: |
| 6 |
> > However, this time (on the dual p3 system) paxtest is still able to do a |
| 7 |
> > lot.... |
| 8 |
> <snip> |
| 9 |
> > # Sysctl support |
| 10 |
> > # |
| 11 |
> > CONFIG_GRKERNSEC_SYSCTL=y |
| 12 |
> > CONFIG_GRKERNSEC_SYSCTL_ON=y |
| 13 |
> |
| 14 |
> I believe this is the problem here. sysctl is used to modify the kernel so by |
| 15 |
> enabling its usage, one can essentially have their way. If you disable sysctl |
| 16 |
> support, it will probably fix most of those vulnerabilities. |
| 17 |
> -- |
| 18 |
> gentoo-hardened@g.o mailing list |
| 19 |
> |
| 20 |
> |
| 21 |
|
| 22 |
|
| 23 |
-- |
| 24 |
Matthew Poletiek |
| 25 |
www.chill-fu.net |
| 26 |
-- |
| 27 |
gentoo-hardened@g.o mailing list |
Archives