[grsec] pax and kaspersky kavscanner

Nabil SEFRIOUI admin at osmium-work.com
Tue Mar 8 15:07:48 EST 2005


Hi,

i'm using kaspersky with a pax enabled system, Hardened Linux From 
Scratch (HLFS SVN-20050225) in my case, and there is no visible 
problem, kaspersky kavscanner and ave{server,client} works just fine.

I'm not a toolchain expert and i can't explain why things are 
working ... :) all i can say is that i have faced the kaspersky/pax 
problem in the past with a regular LFS build+grsecurity(pax enabled)

HLFS differs from LFS in the nature of building, HLFS comes whith GCC 
Stack Smatching Protector and Position Independent Exectuables enabled 
by default and the whole system is built whith these extentions

if someone can give us a real explanation, it will be welcome...


Le Mardi 08 Mars 2005 08:54, Peter S. Mazinger a écrit :
> On Mon, 7 Mar 2005, Jens-Uwe Katolla wrote:
> > hello,
> >
> > i have a pax enabled kernel and try to use kavscanner on that
> > machine.
> >
> > unfortunately kavscanner is killed by pax. If i change the flags
> > with chpax kavscaner refuses to start because it has a signed
> > executable and after changing the elf-flags this signature is
> > detected as invalid.
> >
> > what options do i have to use pax on this system. I dont want to
> > use softmode. paxctl does not seem to have any effect at all, after
> > setting some flags with paxctl i cant see them using "paxctl -v"
> >
> > anybody here who is using pax and kaspersky together?
>
> I have marked kavscanner w/ chpax (paxctl is useless here), and wrote
> a shell script, ignoring the message saying that the file is damaged
>
> Peter


More information about the grsecurity mailing list