[grsec] difference between "new" and "legacy" toolchain
pageexec at freemail.hu
pageexec at freemail.hu
Sat Oct 30 14:15:41 EDT 2004
> enabling the PAX features requires your applications beeing compiled with "a
> new toolchain". Now I'm wondering what's that exactly. Does this only mean,
> I need simply a quite recent gcc/coreutils/etc. or what's so special about
> the needed toolchain?
you need only a new binutils (ld) and you can find the patch on the
PaX homepage. gentoo already includes it by default, maybe others do
as well, you can check it by issuing ld --help and see if it has the
-z execheap/noexecheap options. this new ld emits a new PaX specific
program header called PT_PAX_FLAGS which is the new placeholder of PaX
related control information, use paxctl to access it.
More information about the grsecurity
mailing list