On 20 May 2007 at 4:32, Matt Poletiek wrote:
> Im guessing this might require a toolchain/userland
rebuild if
> COMPAT_VDSO is the culprit since a recompile-reboot
didnt change the
> output of paxtest. Can anyone validate this?
COMPAT_VDSO is needed only on systems running a rather old
glibc
(by current terms), gentoo doesn't even have that one in
portage
anymore iirc. on the other hand you set your PaX control
method
to come from the ACL system (grsec here) and i guess you
haven't
set up any policies for the paxtest binaries, so chances are
that
nothing is enabled on them by default. you can verify the
runtime
PaX flags in /proc/<pid>/status - if all are lowercase
then PaX
is effectively disabled for those binaries/processes.
--
gentoo-hardened gentoo.org mailing list
|
