[grsec] learn_config: high-reduce-path does not work for
subdirectories?
Marc Schiffbauer
marc at schiffbauer.net
Tue Mar 22 12:24:39 EST 2005
* Brad Spengler schrieb am 22.03.05 um 16:36 Uhr:
> > In the learn_config I set:
> >
> > high-reduce-path /var/lib/amavis
> >
> > (I removed the default high-reduce-path /var/lib entry)
>
> The high-reduce-path directive doesn't ensure that a path will be
> reduced fully: that depends on the heuristics/graph analysis. In this
> case, because you have many read-only and find-only accesses within the
> path, it decided to protect those specific paths. I'll add an
> always-reduce directive or something to that effect so that you can get
> the results you're looking for.
Yes, this sounds good! Thank you.
-Marc
--
+-O . . . o . . . O . . . o . . . O . . . ___ . . . O . . . o .-+
| Ein Service von Links2Linux.de: / o\ RPMs for SuSE |
| --> PackMan! <-- naeheres unter | __| and others |
| http://packman.links2linux.de/ . . . O \__\ . . . O . . . O . |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050322/82d971c0/attachment.pgp
More information about the grsecurity
mailing list