[grsec] learn_config: high-reduce-path does not work for subdirectories?

Marc Schiffbauer marc at schiffbauer.net
Tue Mar 22 12:24:39 EST 2005


* Brad Spengler schrieb am 22.03.05 um 16:36 Uhr:
> > In the learn_config I set:
> > 
> > high-reduce-path /var/lib/amavis
> > 
> > (I removed the default high-reduce-path /var/lib entry)
> 
> The high-reduce-path directive doesn't ensure that a path will be 
> reduced fully: that depends on the heuristics/graph analysis.  In this 
> case, because you have many read-only and find-only accesses within the 
> path, it decided to protect those specific paths.  I'll add an 
> always-reduce directive or something to that effect so that you can get 
> the results you're looking for.

Yes, this sounds good! Thank you. 

-Marc
-- 
+-O . . . o . . . O . . . o . . . O . . .  ___  . . . O . . . o .-+
| Ein Service von Links2Linux.de:         /  o\   RPMs for SuSE   |
| --> PackMan! <-- naeheres unter        |   __|   and  others    |
| http://packman.links2linux.de/ . . . O  \__\  . . . O . . . O . |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050322/82d971c0/attachment.pgp


More information about the grsecurity mailing list