| 1 |
On 29/04/17 18:58, Luis Ressel wrote: |
| 2 |
> On Sat, 29 Apr 2017 18:52:56 +0200 |
| 3 |
> Javier Juan Martinez Cabezon <tazok.id0@×××××.com> wrote: |
| 4 |
> |
| 5 |
>> It's not one PaX alternative as its only one of its features but rsbac |
| 6 |
>> recently implemented native W or X and seems to work fine |
| 7 |
> |
| 8 |
> If you're only looking for userland W^X, SELinux has some support for |
| 9 |
> that, too (I don't know anything about the internal workings, though). |
| 10 |
> But grsec/PaX has quite some interesting features beyond that. |
| 11 |
> |
| 12 |
> Regards, |
| 13 |
> Luis |
| 14 |
> |
| 15 |
|
| 16 |
|
| 17 |
I think that if Pipacs want to follow his own way, it's his decision and |
| 18 |
we shall respect it. |
| 19 |
|
| 20 |
W or X its implemented in selinux and rsbac, nx gets shipped in recent |
| 21 |
systems, but in those computers that haven't nx it couldn't get emulated |
| 22 |
without PaX, there are some gcc plugins that emulates some kernel land |
| 23 |
PaX features as uderef, vanilla brings some ASLR, maybe not perfect o |
| 24 |
weakier buy maybe hardened gentoo could follow this path and could be |
| 25 |
coherent with their own way of working, with profiles and specs. |
Archives