[grsec] pax and kaspersky kavscanner
John Logsdon
j.logsdon at quantex-research.com
Tue Mar 8 03:44:55 EST 2005
This is an interesting issue.
There are reasons why MD5 checking is done on a hardened platform which
may well be running rkhunter for example as well as grsec/pax. Since the
MD5 signatures are generated externally in the original program, use of
chpax leads to an MD5 error.
So if you want to do a check on a file - what are the options?
1 Is it possible to do a partial checksum that avoids the elf-flags that
chpax affects?
2 Is it possible to chpax a file before distributing it - i.e. before the
MD5 is calculated?
TIA
John
John Logsdon
Quantex Research Ltd, Manchester UK
j.logsdon at quantex-research.com
+44(0)161 445 4951/G:+44(0)7717758675 www.quantex-research.com
"Try to make things as simple as possible but not simpler"
a.einstein at relativity.org
On Tue, 8 Mar 2005 pageexec at freemail.hu wrote:
> > unfortunately kavscanner is killed by pax. If I change the flags with
> > chpax kavscanner refuses to start because it has a signed executable and
> > after changing the elf-flags this signature is detected as invalid.
> >
> > what options do I have to use pax on this system. I don't want to use
> > softmode. paxctl does not seem to have any effect at all, after setting
> > some flags with paxctl I can't see them using "paxctl -v"
>
> 1. you can use the RBAC system to turn off pax flags without having
> to touch the executable (paxctl works only if the target has a
> PT_PAX_FLAGS program header, and even then it'd mean changing the
> file)
>
> 2. you can tell kaspersky labs to stop this silly self-encryption/check
> thing, it doesn't do anything useful.
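One way to approach question 1 in the message above, as an added example that is not part of the original post and is not code from chpax, paxctl or rkhunter: hash the ELF image with the PaX marking fields zeroed, and return the masked values separately so they can still be checked. Assumptions: the legacy chpax marking is taken to sit in `e_ident` bytes 14-15, SHA-256 is used in place of MD5, and the function names and the sample ELF image are constructed for illustration.

```python
import hashlib
import struct

EI_PAX = 14                # assumption: legacy chpax marking lives in e_ident[14:16]
PT_PAX_FLAGS = 0x65041580  # PT_LOOS + 0x5041580, the header paxctl needs

def pax_neutral_digest(data, algo="sha256"):
    """Hash an ELF image with the PaX marking fields zeroed.
    Returns (hexdigest, ei_pax_bytes, pt_pax_p_flags or None)."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    end = "<" if data[5] == 1 else ">"
    buf = bytearray(data)
    ei_pax = bytes(buf[EI_PAX:EI_PAX + 2])
    buf[EI_PAX:EI_PAX + 2] = b"\x00\x00"
    if data[4] == 2:   # ELF64: e_phoff@32, e_phentsize@54, p_flags@+4
        if len(data) < 64:
            raise ValueError("truncated ELF64 header")
        (phoff,) = struct.unpack_from(end + "Q", buf, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", buf, 54)
        flags_off = 4
    else:              # ELF32: e_phoff@28, e_phentsize@42, p_flags@+24
        (phoff,) = struct.unpack_from(end + "I", buf, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", buf, 42)
        flags_off = 24
    pt_flags = None
    for i in range(phnum):
        ph = phoff + i * phentsize
        if ph + flags_off + 4 > len(buf):
            raise ValueError("program header table runs past end of file")
        (p_type,) = struct.unpack_from(end + "I", buf, ph)
        if p_type == PT_PAX_FLAGS:
            (pt_flags,) = struct.unpack_from(end + "I", buf, ph + flags_off)
            struct.pack_into(end + "I", buf, ph + flags_off, 0)
    return hashlib.new(algo, bytes(buf)).hexdigest(), ei_pax, pt_flags

def constructed_elf32(ei_pax=b"\x00\x00", p_flags=0, payload=b"payload"):
    """Constructed sample: ELF32 LE header, one PT_PAX_FLAGS phdr, payload."""
    ident = b"\x7fELF\x01\x01\x01" + b"\x00" * 7 + ei_pax
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_PAX_FLAGS, 0, 0, 0, 0, 0, p_flags, 4)
    return ehdr + phdr + payload
```

A digest computed this way no longer notices a change to the PaX flags themselves, so the returned flag values should be compared against the expected policy alongside the digest.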