[grsec] pax and kaspersky kavscanner

John Logsdon j.logsdon at quantex-research.com
Tue Mar 8 03:44:55 EST 2005


This is an interesting issue.  

There are reasons why MD5 checking is done on a hardened platform which
may well be running rkhunter for example as well as grsec/pax.  Since the
MD5 signatures are generated externally in the original program, use of
chpax leads to an MD5 error.

So if you want to do a check on a file - what are the options?

1. Is it possible to do a partial checksum that avoids the elf-flags that
chpax affects?

2. Is it possible to chpax a file before distributing it - i.e. before the
MD5 is calculated?

TIA

John

John Logsdon                               "Try to make things as simple
Quantex Research Ltd, Manchester UK         as possible but not simpler"
j.logsdon at quantex-research.com              a.einstein at relativity.org
+44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com


On Tue, 8 Mar 2005 pageexec at freemail.hu wrote:

> > Unfortunately kavscanner is killed by pax. If I change the flags with 
> > chpax, kavscanner refuses to start because it has a signed executable and 
> > after changing the elf-flags this signature is detected as invalid.
> > 
> > What options do I have to use pax on this system? I don't want to use 
> > softmode. paxctl does not seem to have any effect at all; after setting 
> > some flags with paxctl I can't see them using "paxctl -v".
> 
> 1. you can use the RBAC system to turn off pax flags without having
>    to touch the executable (paxctl works only if the target has a
>    PT_PAX_FLAGS program header, and even then it'd mean changing the
>    file)
> 
> 2. you can tell kaspersky labs to stop this silly self-encryption/check
>    thing, it doesn't do anything useful.
> 
> 
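The partial checksum asked about in question 1 can be sketched as follows. This is an added example, not code from the thread or from the PaX/grsecurity projects. It assumes that legacy chpax markings occupy the last two bytes of e_ident (offset 14) and that paxctl markings are the p_flags word of the PT_PAX_FLAGS program header; the function names and the sample ELF are constructed for illustration.

```python
import hashlib
import struct

PT_PAX_FLAGS = 0x65041580  # PT_LOOS + 0x5041580: the program header paxctl edits
EI_PAX = 14                # assumption: legacy chpax flags occupy e_ident[14:16]

def pax_flag_ranges(data):
    """Return (offset, length) byte ranges that hold PaX markings."""
    if data[:4] != b"\x7fELF" or len(data) < 52:
        raise ValueError("not an ELF file")
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little-endian
    if data[4] == 2:                      # EI_CLASS: 2 = ELF64
        if len(data) < 64:
            raise ValueError("truncated ELF64 header")
        phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        flags_at = 4                      # Elf64_Phdr: p_flags follows p_type
    else:
        phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        flags_at = 24                     # Elf32_Phdr: p_flags is the 7th word
    ranges = [(EI_PAX, 2)]
    for i in range(phnum):
        ph = phoff + i * phentsize
        if ph + flags_at + 4 > len(data):
            raise ValueError("truncated program header table")
        p_type, = struct.unpack_from(end + "I", data, ph)
        if p_type == PT_PAX_FLAGS:
            ranges.append((ph + flags_at, 4))
    return ranges

def pax_neutral_md5(data):
    """MD5 of the file with every PaX marking range zeroed first."""
    buf = bytearray(data)
    for off, length in pax_flag_ranges(data):
        buf[off:off + length] = bytes(length)
    return hashlib.md5(bytes(buf)).hexdigest()

def build_sample(ei_pax=0, p_flags=0):
    """Constructed 32-bit little-endian ELF with one PT_PAX_FLAGS header."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(7) + struct.pack("<H", ei_pax)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_PAX_FLAGS, 0, 0, 0, 0, 0, p_flags, 4)
    return ehdr + phdr + b"constructed payload"
```

The reference digest has to be produced the same way from the pristine file. A digest computed like this no longer covers the PaX flags themselves, so a change that switches protections off goes unnoticed unless the flags are recorded and compared separately.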