adapting grsec access

Robert Connolly robert at linuxfromscratch.org
Sat Nov 5 04:36:39 PST 2005


There's currently no way to force the system to only run software we built. 
The closest thing is to disallow non-root users to run programs that are in a 
directory not owned by root (or /tmp), so normal users can't run programs 
they downloaded or built themselves.

robert

On November 5, 2005 03:21 am, Jaap Struyk wrote:
> Op do 03-11-2005, om 19:22 schreef Kevin Day:
> > But wait, perhaps its entirely staticaly built.  If that is the case, its
> > a pretty big binary, but in theory it should work on any linux system.
>
> That would explain why it's running fine in it's gtk2 gui without me
> having it installed ;-)
>
> But since I'am not that smart I expected my Hlfs system only to run bins
> compiled with my own ssp compiler, I'am sorry to hear (and notice) it's
> not.
> --
> Groetjes Japie



More information about the hlfs-dev mailing list