robert at linuxfromscratch.org
Wed Jul 26 11:22:08 PDT 2006
On July 26, 2006 12:59 pm, Sebastian Faulborn wrote:
> For the same reason it is important to set both the old AND new header
> types in the PAX settings in the kernel so that both kinds are supported
> (as recommended in the GRSecurity/PAX quickstart). When
> programs are compiled on HLFS, the new kind of headers will always be used.
> So I think one should at least put a note in the book telling about
> precompiled binaries and chpax. Note: PAX works on precompiled binaries in
> the same way as on self compiled ones. Its just SSP which is missing. So
> binaries are still protected by PAX/GRSecurity.
On the paxctl and kernel pages maybe. There's a legacy kernel option you will
need to enable too, for these binary packages.
Gentoo might have a copy of jdk compiled with ssp and pt_pax. Getting one
compiled against gcc-4.1.1 and glibc-2.4 might be a bit tricky to find
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the hlfs-dev