Archives
Archives
| From: | "Török Edwin" <edwintorok@×××××.com> | ||
|---|---|---|---|
| To: | gentoo-hardened@l.g.o | ||
| Cc: | p.labushev@×××××.com, Kyle Bader <kyle.bader@×××××.com> | ||
| Subject: | Re: [gentoo-hardened] FYI: Clamav bytecode feature isn't compatible with PaX | ||
| Date: | Thu, 22 Jul 2010 17:02:34 | ||
| Message-Id: | 20100722192720.3c598d42@debian | ||
| In Reply to: | Re: [gentoo-hardened] FYI: Clamav bytecode feature isn't compatible with PaX by Pavel Labushev |
||
| 1 | On Thu, 22 Jul 2010 23:25:10 +0800 |
| 2 | Pavel Labushev <p.labushev@×××××.com> wrote: |
| 3 | |
| 4 | > 22.07.2010 19:52, "Tóth Attila" пишет: |
| 5 | > |
| 6 | > > 1. What is the neat way of detecting PaX running on a system? |
| 7 | > |
| 8 | > To check /proc/self/status for "PaX:". That's what host-is-pax from |
| 9 | > pax-utils.eclass does. |
| 10 | > |
| 11 | |
| 12 | On Thu, 22 Jul 2010 07:08:30 -0700 |
| 13 | Kyle Bader <kyle.bader@×××××.com> wrote: |
| 14 | |
| 15 | > > https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2092 |
| 16 | > > http://bugs.gentoo.org/show_bug.cgi?id=326199 |
| 17 | > > |
| 18 | > > https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2092#c39 |
| 19 | > > It raises two questions: |
| 20 | > > 1. What is the neat way of detecting PaX running on a system? |
| 21 | > |
| 22 | > http://tk-blog.blogspot.com/2009/02/checksec.html |
| 23 | > |
| 24 | > > 2. Edwin Török says PaX allows RWX mapping and kills the program |
| 25 | > > after that. |
| 26 | > |
| 27 | > http://pax.grsecurity.net/docs/pageexec.txt |
| 28 | > |
| 29 | |
| 30 | Thanks. I have implemented PaX detection, see attached patch. |
| 31 | |
| 32 | I'll commit it shortly to the ClamAV repository. |
| 33 | |
| 34 | Best regards, |
| 35 | --Edwin |
| File name | MIME type |
|---|---|
| pax.patch | text/x-patch |