On July 26, 2006 12:59 pm, Sebastian Faulborn wrote: > For the same reason it is important to set both the old AND new header > types in the PAX settings in the kernel so that both kinds are supported > (as recommended in the GRSecurity/PAX quickstart). When > programs are compiled on HLFS, the new kind of headers will always be used. > > So I think one should at least put a note in the book telling about > precompiled binaries and chpax. Note: PAX works on precompiled binaries in > the same way as on self compiled ones. Its just SSP which is missing. So > binaries are still protected by PAX/GRSecurity.
On the paxctl and kernel pages maybe. There's a legacy kernel option you will need to enable too, for these binary packages. Gentoo might have a copy of jdk compiled with ssp and pt_pax. Getting one compiled against gcc-4.1.1 and glibc-2.4 might be a bit tricky to find though. robert
pgpmtHZ5D7V63.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
