grsecurity option to log execs of -m / -r binaries

Discuss and suggest new grsecurity features

grsecurity option to log execs of -m / -r binaries

Postby Hugo Mildenberger » Fri Nov 05, 2010 12:25 pm

I'm missing a grsecurity kernel configuration option which would allow to log execs of binaries which don't comply with mprotect or randmap, i.e. also those which had been a target of paxctl -mr during installation, non-PIE, static binaries and so on. Maybe even preventing such programs from starting up might be possible?
Hugo Mildenberger
 
Posts: 12
Joined: Sun Dec 13, 2009 6:14 pm

Return to grsecurity development