Warning: file_exists(): open_basedir restriction in effect. File(/srv/http/vhosts/aur.archlinux.org/public/web/locale//en/LC_MESSAGES/aurweb.mo) is not within the allowed path(s): (/srv/http/vhosts/aur-dev.archlinux.org/:/etc/aurweb/) in /srv/http/vhosts/aur-dev.archlinux.org/public/web/lib/streams.php on line 90
AUR (en) - linux-pax-flags

Notice: Undefined variable: name in /srv/http/vhosts/aur-dev.archlinux.org/public/web/lib/pkgfuncs.inc.php on line 248

Package Details: linux-pax-flags 2.0.18-4

Git Clone URL: https://aur-dev.archlinux.org/linux-pax-flags.git (read-only)
Package Base: linux-pax-flags
Description: Deactivates PaX flags for several binaries to work with PaX enabled kernels.
Upstream URL: https://github.com/nning/linux-pax-flags
Keywords: grsecurity linux pax security
Licenses: GPL3
Submitter: phects
Maintainer: phects
Last Packager: phects
Votes: 18
Popularity: 0.000872
First Submitted: 2012-01-12 18:16
Last Updated: 2015-12-15 12:27

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 ... Next › Last »

test0 commented on 2013-10-13 19:17

v8-dev (found in AUR): paxctl -cPemRSX /usr/bin/d8

Ahmad24 commented on 2013-10-09 04:31

/etc/pax-flags/custom.conf
# MPROTECT off
PSmXER:
- /usr/bin/goldendict
- /usr/lib/kde4/libexec/kwin_opengl_test
- /usr/bin/akonadi_sendlater_agent
- /usr/bin/akonadi_archivemail_agent
- /usr/bin/akonadi_mailfilter_agent
- /usr/bin/knotify4
- /usr/lib/kde4/libexec/drkonqi
- /usr/bin/gpartedbin
- /usr/bin/avidemux2_qt4
- /usr/bin/viewnior
- /usr/bin/wxHexEditor
- /usr/bin/gdk-pixbuf-query-loaders
- /usr/bin/akregator
- /usr/lib/vlc/vlc-cache-gen
- /usr/bin/dolphin
- /usr/bin/gtk-query-immodules-3.0
# All off
pemrxs:
- /usr/bin/bsdtar
- /usr/bin/virtuoso-t
- /usr/bin/wine64
- /usr/bin/wine64-preloader
- /usr/bin/winebuild
- /usr/bin/winecpp
- /usr/bin/winedump
- /usr/bin/wineserver
- /usr/lib/AntiVir/guard/savapi:
header: create

test0 commented on 2013-10-02 12:04

chromium-dev (found in AUR): paxctl -cPemRSX /usr/lib/chromium-dev/chromium
firefox-aurora (found in AUR): paxctl -cPemRSX /opt/firefox-aurora/firefox

echoblack commented on 2013-09-30 04:05

paxctl -cPEmRXS

grsec: denied RWX mmap of <anonymous mapping> by

/usr/bin/blogilo
/usr/bin/akonadiconsole
/usr/bin/knode
/usr/bin/kontact
/usr/bin/obex-data-server

echoblack commented on 2013-09-28 13:14

paxctl -cPEmrXS /usr/lib/kde4/libexec/kscreenlocker_greet

NOTE: Whenever you get some program that gets stuck in a crash loop, but there are no logs, 99% chance you just need to disable RANDMMAP

echoblack commented on 2013-09-28 13:13

paxctl -PEmrXS /usr/lib/kde4/libexec/kscreenlocker_greet

NOTE: Whenever you get some program that gets stuck in a crash loop, but there are no logs, 99% chance you just need to disable RANDMMAP

Ahmad24 commented on 2013-09-27 10:57

goldendict: error while loading shared libraries: libGL.so.1: failed to map segment from shared object: Operation not permitted

paxctl -cPEmRXS /usr/bin/goldendict

test0 commented on 2013-09-27 08:39

aura requires a paxctl setting as well:

paxctl -cPerMS /usr/bin/aura

test0 commented on 2013-09-27 08:28

paxctl also has the problem of not working when binaries are in use. To my knowledge, setfattr has no such problem since the binary itself remains untouched.

test0 commented on 2013-09-26 01:36

For python-powerline-git to work, MPROTECT has to be disabled for /usr/bin/python:

paxctl -cPemRSX /usr/bin/python

kernel.grsecurity.tpe_restrict_all needs to be disabled as well. orcexec might need that setting, too.