[grsec] PAX_NOELFRELOCS survey
Brad Spengler
spender at grsecurity.net
Sat Jul 24 21:24:15 EDT 2010
Hi all,
The PaX Team and I are discussing making PAX_NOELFRELOCS a default-on
feature of PAX_MPROTECT in combination with the new PAX_MPROTECT
behavior that denies RWX mappings instead of silently demoting them to
RW (so that apps like clamav can know that RWX mappings aren't allowed
and implement a fallback mechanism, instead of requiring a chpax -m).
We'll then combine the old PAX_MPROTECT behavior and perhaps
!PAX_NOELFRELOCS and turn this into a PAX_COMPAT option, disabled by
default.
So I'd like to do a little survey of those who are currently using
PAX_NOELFRELOCS or have attempted to use it. If you're currently using
it, could you report the distro and version it's worked for? If you've
tried it and found some application incompatibilities, can you report
the distro, version, and application? If there exist any current
incompatibilities we can work together to resolve these upstream.
You don't need to respond to the list, just reply to me directly at
spender at grsecurity.net.
Thanks,
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://grsecurity.net/pipermail/grsecurity/attachments/20100724/c0385cc7/attachment.pgp>
More information about the grsecurity
mailing list