Willie Wong wrote:
> On Sun, Apr 16, 2006 at 11:19:46AM +0200, Penguin Lover Alexander Skwar
> squawked:
> > Now, how do I allow text relocations for just ONE binary, while
> > keeping it disallowed for every other executable (the ones which
> > already exist and the ones which are to come in the future)?
> > [...]
> > I thought that I could do this with "chpax -m $binary" (replacing
> > $binary by the path to the executable, of course. In this case,
> > /usr/NX/bin/nxagent). But, I did this, and I still get the error
> > message.
>
> 1. Check and make sure there are no zombie processes of the desired
> binary running.

[x] No Zombies

> 2. Personally I use paxctl (the interface is slightly more robust in
> that I don't have to group all the flags in the first argument).
> 3. So, post the output of 'chpax -v $binary'? It should have the line
> *mprotect() : not restricted

[EMAIL PROTECTED] /usr/src $ /sbin/chpax -v /usr/NX/bin/nxagent
----[ chpax 0.7 : Current flags for /usr/NX/bin/nxagent (pEmrxs) ]----
* Paging based PAGE_EXEC : disabled
* Trampolines : emulated
* mprotect() : not restricted
* mmap() base : not randomized
* ET_EXEC base : not randomized
* Segmentation based PAGE_EXEC : disabled
I now used paxctl, like you suggested in 2. I ran:
paxctl -m /usr/NX/bin/nxagent
And see:
[EMAIL PROTECTED] /usr/src $ sudo paxctl -v /usr/NX/bin/nxagent
PaX control v0.4
Copyright 2004,2005 PaX Team <[EMAIL PROTECTED]>
- PaX flags: -----m-x-e-- [/usr/NX/bin/nxagent]
MPROTECT is disabled
RANDEXEC is disabled
EMUTRAMP is disabled
Now I am able to run NX. But nonetheless, I would still
like to know why chpax did not work.
Any ideas?
Alexander Skwar
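
The goal stated in the quoted question is to relax MPROTECT for one binary only. As an added example (not part of the original thread), the shell function below scans `paxctl -v` output and lists every binary with MPROTECT disabled that is not on an allowlist; the sample output, the /opt/example paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `paxctl -v` output for unexpected MPROTECT exemptions.

# Constructed sample input in the format shown in the thread. Only the
# nxagent line comes from the thread; the /opt/example lines are made up.
sample_paxctl_output() {
    cat <<'EOF'
PaX control v0.4
- PaX flags: -----m-x-e-- [/usr/NX/bin/nxagent]
- PaX flags: -----m------ [/opt/example/bin/plugin-host]
- PaX flags: ----M------- [/opt/example/bin/daemon]
- PaX flags: ------------ [/opt/example/bin/tool]
EOF
}

# Usage: paxctl -v FILE... | audit_mprotect_exemptions ALLOWED_PATH...
# Prints each path whose flag field contains a lowercase "m" (MPROTECT
# disabled, as in the nxagent output) and that is not allowlisted.
audit_mprotect_exemptions() {
    allow=$(printf '%s\n' "$@")
    # Only the "- PaX flags: FLAGS [PATH]" lines carry the data we need.
    sed -n 's/^- PaX flags: \([^ ]*\) \[\(.*\)\]$/\1 \2/p' |
    while read -r flags path; do
        case $flags in
            *m*) ;;            # MPROTECT relaxed: check the allowlist
            *)   continue ;;   # MPROTECT not relaxed: nothing to report
        esac
        # Exact, whole-line match so a path prefix cannot slip through.
        if ! printf '%s\n' "$allow" | grep -Fxq -- "$path"; then
            printf '%s\n' "$path"
        fi
    done
}

# Demo on the constructed sample: nxagent is the single approved exemption.
sample_paxctl_output | audit_mprotect_exemptions /usr/NX/bin/nxagent
```

Any path it prints is a binary that has picked up the same exemption as nxagent without being approved for it.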