Re: [gentoo-hardened] Running Skype on Hardened

2012-03-29 Thread Sven Vermeulen
On Fri, Mar 30, 2012 at 07:13:38PM +0200, Ђорђе Тодоровић wrote: > I am currently trying to run: net-im/skype on an amd64 non-multilib hardened > profile. I have grsec and pax enabled in kernel (.config in attachment), and I > am aware of this bug: [1], I am also aware that Skype is masked on harde

Re: [gentoo-hardened] Running Skype on Hardened

2012-03-29 Thread Ђорђе Тодоровић
On Thu, 29 Mar 2012, Sven Vermeulen wrote: You can try to make it a valid ELF header first, and then paxmark it. I have the following for my Skype: paxctl -C /opt/skype/skype paxctl -me /opt/skype/skype I tried running paxctl -Cm on it (should be run on install with pax_kernel USE flag), by i

[gentoo-hardened] SELinux base policy rev 6 in hardened-dev

2012-03-29 Thread Sven Vermeulen
Hiya folks I just pushed a small update to the SELinux policies to hardened-dev overlay. This includes the following fixes on top of rev 5: #405425 Allow syslog-ng to getsched capability (needed for its new threading implementation) Do not audit sys_admin capability for dhcpc (in

Re: [gentoo-hardened] Running Skype on Hardened

2012-03-29 Thread PaX Team
On 30 Mar 2012 at 20:12, wrote: > On Thu, 29 Mar 2012, Sven Vermeulen wrote: > > >You can try to make it a valid ELF header first, and then paxmark it. > > > >I have the following for my Skype: > >paxctl -C /opt/skype/skype > >paxctl -me /opt/skype/skype > > I tried running paxctl -Cm on it (sho

Re: [gentoo-hardened] Running Skype on Hardened

2012-03-29 Thread Kevin Chadwick
On Thu, 29 Mar 2012 17:23:06 + Sven Vermeulen wrote: > You can try to make it a valid ELF header first, and then paxmark it. I'm sure it's unrelated as I'd guess skype would give the error message and shouldn't be able to overwrite its binary but there's a new CONFIG in the recent grsecurity

Re: [gentoo-hardened] Running Skype on Hardened

2012-03-29 Thread Jacek
On 30.03.2012 20:12, Ђорђе Тодоровић wrote: > On Thu, 29 Mar 2012, Sven Vermeulen wrote: > >> You can try to make it a valid ELF header first, and then paxmark it. >> >> I have the following for my Skype: >> paxctl -C /opt/skype/skype >> paxctl -me /opt/skype/skype > > I tried running paxctl -C

Re: [gentoo-hardened] Running Skype on Hardened

2012-03-29 Thread Tóth Attila
BTW: What is the current state of xt_pax compared to the initial announcement? http://archives.gentoo.org/gentoo-dev/msg_4fc5b8e2bdd09f7394b23b44d944c4d7.xml I see the new USE flag for hardened-sources. What should I expect upon enabling it on a regular hardened system? Can I help with testing? If