diff options
Diffstat (limited to 'system/paxctl/README')
-rw-r--r-- | system/paxctl/README | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/system/paxctl/README b/system/paxctl/README new file mode 100644 index 0000000000..3589bd6023 --- /dev/null +++ b/system/paxctl/README @@ -0,0 +1,12 @@ +This is paxctl for controlling PaX flags on a per binary basis. PaX +is an intrusion prevention system that provides the best protection +mechanisms against memory corruption bugs. Some applications are not +compatible with certain features (due to design or bad engineering) +and therefore they have to be exempted from certain enforcements. It +is also possible to use PaX in soft mode where none of the protection +mechanisms are active by default - here paxctl can be used to turn +them on for selected programs (e.g., network daemons, programs that +process network data such as mail clients, web browsers, etc). + +PaX is provided by a separate kernel patch, that you need to install +manually. You can get it from: https://grsecurity.net/ |