FS#39983 : [linux-grsec] kernel.pax.softmode should be disabled by default

FS#39983 - [linux-grsec] kernel.pax.softmode should be disabled by default

Attached to Project: Community Packages
Opened by Daniel Micay (thestinger) - Monday, 21 April 2014, 02:16 GMT
Last edited by Daniel Micay (thestinger) - Thursday, 22 May 2014, 09:15 GMT

Task Type	Feature Request
Category	Packages
Status	Closed
Assigned To	Daniel Micay (thestinger)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Daniel Micay (thestinger) (2014-04-21)
Private	No

Details

This will require setting PaX exceptions for binaries broken by the restrictions. This can be done via extended attributes, but there's no sane way to do it from the package itself. Another solution is to set these via an RBAC policy, but that comes with other issues.

This task depends upon

Closed by Daniel Micay (thestinger)
Thursday, 22 May 2014, 09:15 GMT
Reason for closing: Implemented
Additional comments about closing: installing the paxd package enables PaX and handles setting exceptions after Pacman transactions

Comment by Daniel Micay (thestinger) - Thursday, 22 May 2014, 09:15 GMT

I wrote a tiny daemon to work around this: https://github.com/thestinger/paxd

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#39983 - [linux-grsec] kernel.pax.softmode should be disabled by default

Details

Loading...