summaryrefslogtreecommitdiff
path: root/system/paxctl/README
diff options
context:
space:
mode:
Diffstat (limited to 'system/paxctl/README')
-rw-r--r--system/paxctl/README12
1 files changed, 12 insertions, 0 deletions
diff --git a/system/paxctl/README b/system/paxctl/README
new file mode 100644
index 0000000000..3589bd6023
--- /dev/null
+++ b/system/paxctl/README
@@ -0,0 +1,12 @@
+This is paxctl for controlling PaX flags on a per binary basis. PaX
+is an intrusion prevention system that provides the best protection
+mechanisms against memory corruption bugs. Some applications are not
+compatible with certain features (due to design or bad engineering)
+and therefore they have to be exempted from certain enforcements. It
+is also possible to use PaX in soft mode where none of the protection
+mechanisms are active by default - here paxctl can be used to turn
+them on for selected programs (e.g., network daemons, programs that
+process network data such as mail clients, web browsers, etc).
+
+PaX is provided by a separate kernel patch, that you need to install
+manually. You can get it from: https://grsecurity.net/