Notice: Undefined variable: name in /srv/http/vhosts/ on line 248

Package Details: linux-pax-flags 2.0.18-4

Git Clone URL: (read-only)
Package Base: linux-pax-flags
Description: Deactivates PaX flags for several binaries to work with PaX enabled kernels.
Upstream URL:
Keywords: grsecurity linux pax security
Licenses: GPL3
Submitter: phects
Maintainer: phects
Last Packager: phects
Votes: 18
Popularity: 0.000872
First Submitted: 2012-01-12 18:16
Last Updated: 2015-12-15 12:27

Latest Comments

« First ‹ Previous ... 6 7 8 9 10 11 12 13 Next › Last »

duncant commented on 2012-08-14 21:49

From the nspluginwrapper package:

MPROTECT off for /usr/lib/nspluginwrapper/i386/linux/npviewer.bin

phects commented on 2012-08-12 15:39

1.0.19: MPROTECT, RANDMMAP off for 0 A.D.

+ /usr/bin/pyrogenesis

Anonymous comment on 2012-08-07 22:03

You could also do them as pSmXEr instead of pSmXER, just tested, and whether it's r or R doesn't change anything on my end.
So guess that the other user you were refering to didn't have PAGEEXEC or SEGEXEC (that would proberbly make it psmXEr, if you take SEGEXEC into account too) enabled then ?

As far as I could see from bug reports on other distro's it's needed so that the grub binaries can execute it's own stack.

phects commented on 2012-08-07 18:30

1.0.18: Skype, Java 7, glxspheres, okular (thanks to duncant).

+ /opt/java/bin/java
+ /opt/java/bin/javac
+ /usr/bin/okular
+ /usr/bin/glxspheres
+ /usr/bin/skype

duncant commented on 2012-08-07 01:51

And another binary...

/usr/bin/skype needs to have `paxctl -Cm` run on it. It has to be the capital C flag. (I know skype's ludicrously insecure and closed-source and whatnot, but I figured I'd mention it)

duncant commented on 2012-08-07 01:44

The AUR packages jre and jdk install java to /opt/java.

I've also discovered that the KDE application /usr/bin/okular (the PDF reader) requires MPROTECT off. Also, /usr/bin/glxspheres requires MPROTECT off

phects commented on 2012-08-06 09:54

1.0.17: MPROTECT off for KDE binaries.

+ /usr/bin/kdeinit4
+ /usr/bin/kmail
+ /usr/bin/kwin

phects commented on 2012-08-06 09:53

Thanks very much! I added the KDE executables for now. Which Java packages install to "/opt/java"?

duncant commented on 2012-08-04 22:11

Also, java and javac can sometimes be found at /opt/java/bin/java and /opt/java/bin/javac so you might want to add those.

duncant commented on 2012-08-04 07:41

/usr/bin/kmail needs MPROTECT off (but can have RANDEXEC on)
/usr/bin/kwin needs MPROTECT off
/usr/bin/kdeinit4 needs MPROTECT off

All the other KDE programs that I've tried seem to work well.