[gentoo-hardened] removing .text relocations from mplayer and xine-lib

2005-05-29 Thread René Rhéaume
Where is the patch that removes .text relocations from mplayer and xine-lib? Solar said on IRC that there was one lying around somewhere. I searched on Gentoo Bugzilla and on the Web with Google and I did not find it. Why? This is what I get from /usr/bin/xine (part of xine-ui): This is xine (X11 gui) -

Re: [gentoo-hardened] removing .text relocations from mplayer and xine-lib

2005-05-30 Thread René Rhéaume
I found out symlinking libtool-nofpic to libtool (which produces PIC binaries) eliminates most of the relocations. I am able to build on Gentoo either outside Portage or using my custom ebuild. Just add "use x86 && has_pic && ln -sf libtool ${S}/libtool-nofpic" right after econf. You can also comm

Re: [gentoo-hardened] removing .text relocations from mplayer and xine-lib

2005-06-04 Thread René Rhéaume
> Better yet, add --enable-fpic to econf. The change proposed above w/ the > link is allowed conditionally, if use has_pic && use x86 (probably amd64 > too) Yes, --enable-fpic worked. > xineplug_decode_ff.so is clean as of 1.0.1, I remove the rest from the > system, else xine-lib fails to load (se

Re: [gentoo-hardened] kernel-guard

2006-02-24 Thread René Rhéaume
Does genkernel have a feature that builds a temporary kernel, reboots the computer, performs hardware auto-detection (similar to LiveCDs) with the temporary kernel and rebuilds a monolithic kernel based on the auto-detection results? I am a bit uncomfortable building monolithic kernels. -- gentoo-h

[gentoo-hardened] How do I use grSecurity mandatory access control?

2006-05-08 Thread René Rhéaume
I have been building and using a grsecurity-enabled kernel for more than two years. I am accustomed to configuring such a kernel. However, I never used the mandatory access control system that is provided. * How do I make a policy? * Are there reference policies? In that case, where can I get them?

Re: [gentoo-hardened] hardened vs gentoo sources.

2007-03-19 Thread René Rhéaume
On 3/16/07, Caleb Cushing <[EMAIL PROTECTED]> wrote: are there any real advantages to using hardened sources if you aren't applying any pax or grsecurity patches? given that you can get selinux in regular gentoo sources. I have a related question. Why does hardened-sources not use the base genpa

Re: [gentoo-hardened] hardened vs gentoo sources.

2007-03-21 Thread René Rhéaume
On 3/20/07, Ned Ludd <[EMAIL PROTECTED]> wrote: > I have a related question. Why does hardened-sources not use the base > genpatches? they do/did.. What makes you think otherwise? Older 2.4 hardened-sources were not using genpatches. I thought this aspect had not changed, but I was wrong. -- ge

[gentoo-hardened] Cannot boot a hardened-sources-2.4.33.4 on a SATA drive

2007-05-26 Thread René Rhéaume
I am unable to boot from a SATA drive using the kernel mentioned in the title. I have no problem booting a 2.6.19 hardened kernel, however. My motherboard is nForce 430-based and the 2.6 kernel uses the sata_nv driver (built-in, not as a module). I tried to use the same driver on 2.4 (also built-in), b

Re: [gentoo-hardened] Cannot boot a hardened-sources-2.4.33.4 on a SATA drive

2007-06-01 Thread René Rhéaume
On 5/31/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: have you got UDEREF enabled? if so, can you try without it? No, UDEREF is not set on either kernel. -- [EMAIL PROTECTED] mailing list

[gentoo-hardened] Re: Cannot boot a hardened-sources-2.4.33.4 on a SATA drive

2007-06-17 Thread René Rhéaume
I did an experiment by building the libata drivers as modules. During make modules_install, I got "Unresolved symbols" errors for every driver. What kernel configuration option am I missing? depmod: *** Unresolved symbols in /lib/modules/2.4.33.4-hardened-grsec/kernel/drivers/scsi/sata_nv.o depm

Re: [gentoo-hardened] Re: Cannot boot a hardened-sources-2.4.33.4 on a SATA drive

2007-06-18 Thread René Rhéaume
No, the problem was that SCSI and SCSI disk support were built as modules, not in-kernel. Now init runs, but e2fsck does not grok my root partition (formatted with a 2.6 kernel). -- [EMAIL PROTECTED] mailing list

Re: [gentoo-hardened] Re: Cannot boot a hardened-sources-2.4.33.4 on a SATA drive

2007-06-20 Thread René Rhéaume
On 6/20/07, Brant Williams <[EMAIL PROTECTED]> wrote: What error(s) do you see? e2fsck was hitting a fatal error and I was forced to reboot. It is now solved after I updated e2fsprogs. Long answer: I restarted a hardened+uclibc installation using a very old stage3 tarball (dating back to 2005)

[gentoo-hardened] mmap bug trying to run VirtualBox with ~hardened-sources-2.6.23

2007-12-01 Thread René Rhéaume
When I try to start a virtual machine in VirtualBox 1.5.2 OSE and the host kernel is ~hardened-sources-2.6.23, the virtual machine window freezes and I find the following in dmesg: [ cut here ] kernel BUG at mm/mmap.c:1695! invalid opcode: [#1] PREEMPT SMP Modules linked

Re: [gentoo-hardened] mmap bug trying to run VirtualBox with ~hardened-sources-2.6.23

2007-12-03 Thread René Rhéaume
On Dec 2, 2007 5:10 AM, Christian Heim <[EMAIL PROTECTED]> wrote: > On 01/12/07 16:17 -0500, René Rhéaume wrote: > > When I try to start a virtual machine VirtualBox 1.5.2 OSE and the > > host kernel is ~hardened-sources-2.6.23, the virtual machine window > > freezes and I find the following in dme

[gentoo-hardened] iptables versus grSecurity runtime module disabling

2007-12-15 Thread René Rhéaume
I added kernel.grsecurity.disable_modules = 1 to my /etc/sysctl.conf. However, the iptables and net.eth1 init scripts were unable to start. I already had the module for my NIC (8139too) in /etc/modules.autoload.d/kernel-2.6. I added iptable_filter and nf_conntrack_ipv4 to it, then rebooted, but the i

[gentoo-hardened] grSecurity warnings about XFree86; Xorg also targeted?

2007-12-24 Thread René Rhéaume
Some grSecurity features have a clear warning that they break XFree86 (disable privileged IO, for example). Do those warnings apply to modular Xorg too, given that they were not updated in the last three years? -- [EMAIL PROTECTED] mailing list

Re: [gentoo-hardened] /etc/init.d/dhcpd start -> error

2008-10-06 Thread René Rhéaume
On Mon, Oct 6, 2008 at 11:04 AM, Markus Bartl <[EMAIL PROTECTED]> wrote: > Hi there. > > I did a fresh installation with hardened-sources 2.6.25-r7 with pax and > grsec (server) enabled. > After installing dhcpd with configuration to chroot - environment I get the > following errors in /var/log/deb

Re: [gentoo-hardened] Grsecurity slows down a web server?

2009-01-23 Thread René Rhéaume
On Fri, Jan 23, 2009 at 11:45 AM, Grant wrote: > Very close. PAGEEXEC is enabled, but so is SEGMEXEC. My CPU is a > P4-2.8, and I'm not sure about NX support but these are the flags: > > fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 > clflush dts acpi mmx fxsr sse sse2 ss h

Re: [gentoo-hardened] Moving from md5 to sha512 shadow password hashes

2009-03-23 Thread René Rhéaume
I would like to try out this feature, but every time I tried to update glibc, hardened or not, shit happened. Therefore, I have to perform another Gentoo install somewhere else, then swap the installs. Are there any plans to get automated builds of hardened stages?

[gentoo-hardened] JIT code and mprotect

2012-06-10 Thread René Rhéaume
I have a somewhat crazy idea to run JIT code with mprotect enforced: instead of putting the generated code into anonymous memory, why not put it in a shared library inside a tmpfs, and have the host program simply call dlopen on it? This way, we would have JIT code (faster than interpreted code), ahead-

Re: [gentoo-hardened] Question about ASLR

2015-09-07 Thread René Rhéaume
2015-09-07 10:41 GMT-04:00 PaX Team : > > On 30 Aug 2015 at 21:54, François wrote: > > > Thanks for your answer (sorry to respond that late). It actually makes > > sense, I thought there was some *magic* possible. > > i wouldn't call it magic but PaX used to provide RANDEXEC: > > https://pax.grse

Re: [gentoo-hardened] systemd-229 segfault triggers bruteforce prevention

2016-06-01 Thread René Rhéaume
By looking at the addresses in the stack trace, is it me or is it a case of a stack overflow because of an infinite recursion? Lennart gave another reason to stay away from his code. -- René Rhéaume