grsecurity option to log execs of -m / -r binaries
Posted: Fri Nov 05, 2010 12:25 pm
I'm missing a grsecurity kernel configuration option which would allow to log execs of binaries which don't comply with mprotect or randmap, i.e. also those which had been a target of paxctl -mr during installation, non-PIE, static binaries and so on. Maybe even preventing such programs from starting up might be possible?