[Classic-discuss] tinysofa and grsecurity
Jaakko Heinonen
jh at tinysofa.org
Wed Dec 6 18:07:33 UTC 2006
On 2006-12-06, Mikael Bak wrote:
> 1) Are the binaries in the distribution built as described here:
> http://www.grsecurity.net/wiki/index.php/GrsecurityUserLandConfiguration

Well, we don't have the PaX part of grsecurity at all in our kernel. We
have the exec-shield patch, which is similar to PaX. Most of the service
executables related to networking have been compiled as PIE.

> 2) Should contrib rpms contain rules for the specific application?

They could contain them.

> 3) The "stop" in /etc/init.d/grsec is empty. Is this on purpose? If yes, why?

Yes. You need to type the RBAC password to disable grsecurity RBAC.
That's why it's not suitable to disable RBAC in the init script.

--
Jaakko