0.2 Roadmap

Robert Connolly robert at linuxfromscratch.org
Wed Jul 26 11:22:08 PDT 2006


On July 26, 2006 12:59 pm, Sebastian Faulborn wrote:
> For the same reason it is important to set both the old AND new header
> types in the PAX settings in the kernel so that both kinds are supported
> (as recommended in the GRSecurity/PAX quickstart). When
> programs are compiled on HLFS, the new kind of headers will always be used.
>
> So I think one should at least put a note in the book telling about
> precompiled binaries and chpax. Note: PAX works on precompiled binaries in
> the same way as on self compiled ones. Its just SSP which is missing. So
> binaries are still protected by PAX/GRSecurity.

On the paxctl and kernel pages maybe. There's a legacy kernel option you will 
need to enable too, for these binary packages.

Gentoo might have a copy of jdk compiled with ssp and pt_pax. Getting one 
compiled against gcc-4.1.1 and glibc-2.4 might be a bit tricky to find 
though.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20060726/f8589c23/attachment.sig>


More information about the hlfs-dev mailing list