Debian-GNU-Linux-Profiles icon indicating copy to clipboard operation
Debian-GNU-Linux-Profiles copied to clipboard

Published 20 hours ago verified publisher icon hardenedlinux

[Question] grsec / paxctld

Open r3dlight opened this issue 7 years ago • 1 comments

Hi all,

I'm probably missing something here but why don't you use paxctld ? https://packages.debian.org/stretch/admin/paxctld

CONFIG_PAX_XATTR_PAX_FLAGS=y #CONFIG_PAX_PT_PAX_FLAGS is not set

No more PT_GNU_STACK overwriting, it reads flags from /etc/paxctld.conf and use xattr... in case you might want to update your binaries.

Cheers

r3dlight avatar Sep 18 '18 11:09 r3dlight

Hi, we've been using pax-bites on Debian and Linux Mint a few years since we figured that XATTR is the stuff we need:

https://github.com/hardenedlinux/hardenedlinux_profiles/tree/master/debian

paxctld is an option indeed.

citypw avatar Sep 18 '18 14:09 citypw