1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Alexander Skwar wrote: |
5 |
> Willie Wong wrote: |
6 |
>> On Sun, Apr 16, 2006 at 11:19:46AM +0200, Penguin Lover Alexander |
7 |
>> Skwar squawked: |
8 |
>>> Now, how do I allow text relocations for just ONE binary, while |
9 |
>>> keeping it disallowed for every other executable (the ones which |
10 |
>>> already exist and the ones, which are to come in the future)? |
11 |
> [...] |
12 |
>>> I thought that I could do this with "chpax -m $binary" (replacing |
13 |
>>> $binary by the path to the executable, of course. In this case, |
14 |
>>> /usr/NX/bin/nxagent). But, I did this, and I still get the error |
15 |
>>> message. |
16 |
>> |
17 |
>> 1. Check and make sure there are no zombie processes of the desired |
18 |
>> binary running. |
19 |
> |
20 |
> [x] No Zombies |
21 |
> |
22 |
>> 2. Personally I use paxctl (the interface is slightly more robust in |
23 |
>> that I don't have to group all the flags in the first argument). |
24 |
>> 3. So, post the output of 'chpax -v $binary'? It should have the line |
25 |
>> *mprotect() : not restricted |
26 |
> |
27 |
> askwar@hetzner /usr/src $ /sbin/chpax -v /usr/NX/bin/nxagent |
28 |
> |
29 |
> ----[ chpax 0.7 : Current flags for /usr/NX/bin/nxagent (pEmrxs) ]---- |
30 |
> |
31 |
> * Paging based PAGE_EXEC : disabled |
32 |
> * Trampolines : emulated |
33 |
> * mprotect() : not restricted |
34 |
> * mmap() base : not randomized |
35 |
> * ET_EXEC base : not randomized |
36 |
> * Segmentation based PAGE_EXEC : disabled |
37 |
> |
38 |
> I now used paxctl, like you suggested in 2.. I ran: |
39 |
> |
40 |
> paxctl -m /usr/NX/bin/nxagent |
41 |
> |
42 |
> And see: |
43 |
> |
44 |
> askwar@hetzner /usr/src $ sudo paxctl -v /usr/NX/bin/nxagent |
45 |
> PaX control v0.4 |
46 |
> Copyright 2004,2005 PaX Team <pageexec@××××××××.hu> |
47 |
> |
48 |
> - PaX flags: -----m-x-e-- [/usr/NX/bin/nxagent] |
49 |
> MPROTECT is disabled |
50 |
> RANDEXEC is disabled |
51 |
> EMUTRAMP is disabled |
52 |
> |
53 |
> Now I am able to run NX. But none the less, I would still |
54 |
> like to know, why chpax did not work. |
55 |
> |
56 |
> Any ideas? |
57 |
> |
58 |
> Alexander Skwar |
59 |
Hi, |
60 |
Because chpax uses the old ELF-header markings and paxctl uses the new |
61 |
ones (binaries compiled with PIC & PIE, binutils 2.16.X). |
62 |
So you use chpax or paxctl depending on the binary. |
63 |
HTH.Rumen |
64 |
-----BEGIN PGP SIGNATURE----- |
65 |
Version: GnuPG v1.4.2.2-ecc0.1.6 (GNU/Linux) |
66 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
67 |
|
68 |
iD8DBQFEQkJoNbtuTtsWD3wRAtiRAJwIpQ8su9vvoF0xU8zBRhdvgB3VQgCeObWl |
69 |
EJt5COvdMDgjvqAMKUwUIj4= |
70 |
=++Z/ |
71 |
-----END PGP SIGNATURE----- |
72 |
-- |
73 |
gentoo-user@g.o mailing list |