On Thursday, May 17, 2012 at 15:07, Maxim Kammerer wrote:
> On Thu, May 17, 2012 at 3:04 PM, Anthony G. Basile
> <basile@××××××××××××××.edu> wrote:
>> Liberte, last I looked, has quite a few hardening features off.
>
> True — this is made necessary by having to support virtualized
> environments (and, of course, Xorg, wrt. GRKERNSEC_IO). Since our last
> discussion on the subject, I have “discovered” the
> GRKERNSEC_HARDENED_VIRTUALIZATION profile, which fits quite well the
> settings that were carefully selected previously.
>
> By the way, Liberté also mounts /dev with noexec, and I received no
> complaints so far (see bug #92921). I also grepped the driver sources
> before making the change, and didn't find any attempts to map /dev/mem
> with PROT_EXEC. No idea if the noexec issue is still present with
> proprietary drivers, though.

How would I change the way /dev gets mounted? I don't have noexec as an
option listed by mount for the udev entry.
In my policy file Xorg is permitted to execute /dev/mem: is that no longer
needed? I use the radeon driver, not the proprietary.

Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

>
> --
> Maxim Kammerer
> Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
>
>