Kevin F. Quinn wrote:
> On Wed, 14 Feb 2007 17:09:22 +0100
> "Tino Müller" <[EMAIL PROTECTED]> wrote:
> 
>> # CONFIG_PAX_NO_ACL_FLAGS is not set
>> CONFIG_PAX_HAVE_ACL_FLAGS=y
>> # CONFIG_PAX_HOOK_ACL_FLAGS is not set
> 
> I think your DAC is overriding the PaX headers on the paxtest
> binaries, and it's operating in a mode where it relaxes everything by
> default.
> 
> If you're not using a DAC, you probably want CONFIG_PAX_NO_ACL_FLAGS=y
> instead.
> 

These options are set automatically, if within "File systems" any option named 
"* POSIX Access Control Lists" is enabled. These options are enabled by default 
in hardened-sources 2.6.19-r6. I disabled them and .config reads:

CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

I built the kernel, installed it and rebooted, but the results of paxtest 
didn't change.
Maybe I have to rebuild more packages, but first I try to install the system 
with ACCEPT_KEYWORDS=x86 and hardened-sources-2.6.18 and see, what happens.

Tino
-- 
[email protected] mailing list

Reply via email to