[[grsecurity]]
 
Trace: » slapt-get » teamspeak » syslog-ng » singapore » multicast » coppermine » httptunnel » socket_udp » anonymizer » grsecurity

# stiahnut jadro a patch, opatchovat

Emulate trampolines - ee - CONFIG_PAX_PAGEEXEC a CONFIG_PAX_SEGMEXEC znemoznuju funkciu niektorych programov a ked trampoliny naemulujem tak tie programy budu zas fungovat ale znizim tym bezpecnostnu ucinnost CONFIG_PAX_PAGEEXEC a CONFIG_PAX_SEGMEXEC. Najlepsie je nechat to disablenute a potom to povolit cez chpax programom ktore to budu potrebovat.

Disallow ELF text relocations - ee - teda pokial mame kniznice ktore pouzivaju realokaciu textu. Zistim to tak, ze dam readelf -S /lib/* /usr/lib/* | grep .rel.text. a ak najde tak take kniznice mam (readelf zobrazuje priznaky ELF hlavicky a ak je medzi nimi .rel.text. tak dana kiznica relokaciu textu pouziva)

Default non-executable page method → SEGMEXEC

Ostatne vsetko enablenut

 
grsecurity.txt · Last modified: 31.03.2010 17:51 (external edit)
 
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki