Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] grsec / paxctld #34

Open
r3dlight opened this issue Sep 18, 2018 · 1 comment
Open

[Question] grsec / paxctld #34

r3dlight opened this issue Sep 18, 2018 · 1 comment

Comments

@r3dlight
Copy link

r3dlight commented Sep 18, 2018
edited
Loading

Hi all,

I'm probably missing something here but why don't you use paxctld ?
https://packages.debian.org/stretch/admin/paxctld

CONFIG_PAX_XATTR_PAX_FLAGS=y
#CONFIG_PAX_PT_PAX_FLAGS is not set

No more PT_GNU_STACK overwriting, it reads flags from /etc/paxctld.conf and use xattr... in case you might want to update your binaries.

Cheers
@citypw
Copy link
Contributor

citypw commented Sep 18, 2018

Hi, we've been using pax-bites on Debian and Linux Mint a few years since we figured that XATTR is the stuff we need:

https://github.com/hardenedlinux/hardenedlinux_profiles/tree/master/debian

paxctld is an option indeed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@citypw @r3dlight