Hi!
On Sat, Sep 19, 2015 at 09:33:15PM +0200, PaX Team wrote:
> > > 1. enable ELFRELOCS in your kernel config (and keep MPROTECT enforced
> > > on all binaries)
> > Done. This works. I don't really like it, but let it be, at least for now.
> well, disabling MPROTECT is much worse, this way you can at least
> control which binaries can map libaries with textrels.
I don't get it. With MPROTECT I control which binaries won't be protected.
With ELFRELOCS I don't control binaries and all of them will be less protected.
And I doubt "all less protected" is better than "few not protected".
--
WBR, Alex.
