An ACL Policy to affect only One Program (Skype)?


Postby andrew carson » Fri Dec 09, 2005 12:27 am

I am the only user on my computer (2.6.4-3 grsec kernel) and find that using a learning-generated grsec ACL policy limits my use of the computer. In fact the only program which I wish to limit using grsec is Skype. Unfortunately Skype will not run unless I use chpax to disable the PaX features for Skype, so the only protection that I can use is from the ACL policy.

Is it possible to generate an ACL policy that essentially leaves everything alone except for Skype? I have the ACL rules that I want for Skype, but don't know how to set up the rest of the policy file so that I am not shackled with the many other things that I wish to do on my computer.
andrew carson
 
Posts: 1
Joined: Wed Nov 23, 2005 10:41 pm

Re: An ACL Policy to affect only One Program (Skype)?

Postby PaX Team » Fri Dec 09, 2005 12:18 pm

andrew carson wrote:
> Unfortunately Skype will not run unless I use chpax to disable the PaX features for Skype, so the only protection that I can use is from the ACL policy.

FYI, you can use paxctl -c to convert the GNU_STACK header into PAX_FLAGS, then paxctl -m and it'll work fine (or you can have the policy disable MPROTECT of course). Not ideal, but still a lot better than the default sitting-duck situation.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
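Putting the question and the reply together: a minimal RBAC policy in which the default role's catch-all subject keeps full access (so the rest of the system behaves as if no policy were loaded) while only Skype gets a confining subject, with the MPROTECT exemption expressed in policy as PaX Team suggests. This is an added illustration, not code from the thread, from gradm or from the grsecurity project; the Skype binary path, data directory, device nodes and port ranges are assumptions to adjust for the real install.

```text
# Example /etc/grsec/policy fragment (illustration only, not gradm's shipped policy).
# Paths, device nodes and ports below are assumptions.

role admin sA
subject / rvka
	/			rwcdmlxi

role default G
role_transitions admin

# Catch-all subject for the default role: every process not matched by a
# more specific subject keeps full filesystem access and all capabilities,
# so ordinary use of the machine is not shackled by the policy.
subject / o
	/			rwcdmlxi
	+CAP_ALL

# Only Skype is confined.  'o' stops it inheriting the catch-all rules above;
# -PAX_MPROTECT does per-subject what "paxctl -m" does to the binary.
subject /usr/bin/skype o
	-PAX_MPROTECT
	/			h
	/usr/bin/skype		x
	/lib			rx
	/usr/lib		rx
	/etc			r
	/dev/null		rw
	/dev/snd		rw
	/dev/dsp		rw
	/tmp			rwcd
	/home/andrew/.Skype	rwcd
	-CAP_ALL
	bind	disabled
	connect	0.0.0.0/0:53 dgram udp
	connect	0.0.0.0/0:443 stream tcp
	connect	0.0.0.0/0:1024-65535 stream dgram tcp udp
```

Load it with gradm and check the kernel log for RBAC denials while Skype runs, tightening or adding object lines until it starts cleanly; everything outside the Skype subject is unaffected.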

