Kevin F. Quinn wrote: > On Wed, 14 Feb 2007 17:09:22 +0100 > "Tino Müller" <[EMAIL PROTECTED]> wrote: > >> # CONFIG_PAX_NO_ACL_FLAGS is not set >> CONFIG_PAX_HAVE_ACL_FLAGS=y >> # CONFIG_PAX_HOOK_ACL_FLAGS is not set > > I think your DAC is overriding the PaX headers on the paxtest > binaries, and it's operating in a mode where it relaxes everything by > default. > > If you're not using a DAC, you probably want CONFIG_PAX_NO_ACL_FLAGS=y > instead. >
These options are set automatically, if within "File systems" any option named "* POSIX Access Control Lists" is enabled. These options are enabled by default in hardened-sources 2.6.19-r6. I disabled them and .config reads: CONFIG_PAX_NO_ACL_FLAGS=y # CONFIG_PAX_HAVE_ACL_FLAGS is not set # CONFIG_PAX_HOOK_ACL_FLAGS is not set I built the kernel, installed it and rebooted, but the results of paxtest didn't change. Maybe I have to rebuild more packages, but first I try to install the system with ACCEPT_KEYWORDS=x86 and hardened-sources-2.6.18 and see, what happens. Tino -- [email protected] mailing list
