[grsec] CONFIG_PAX_KERNEXEC needs userspace protection?
pageexec at freemail.hu
pageexec at freemail.hu
Mon Jun 30 08:13:53 EDT 2008
On 29 Jun 2008 at 21:57, Carlos Carvalho wrote:
> In trying to compile 2.6.25.9 I couldn't use CONFIG_PAX_KERNEXEC
> because it needs CONFIG_PAX_NOEXEC, which in turn needs either
> CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC. I find it strange that one
> cannot chose noexec protection for the kernel without activating it
> for userspace as well. This didn't happen before.
it's slipped in as part of spender's pax config sanity checks, i guess he
just didn't think of this particular combination, should be fixed soon. in
the meantime you can just fix it yourself in include/linux/grsecurity.h.
More information about the grsecurity
mailing list