[CFT] ASLR, PIE, and segvguard on 11-current and 10-stable
David Chisnall
theraven at FreeBSD.org
Sun May 25 21:18:32 UTC 2014
On 25 May 2014, at 21:31, Oliver Pinter <oliver.pntr at gmail.com> wrote:
> On 5/25/14, Dag-Erling Smørgrav <des at des.no> wrote:
>> Oliver Pinter <oliver.pntr at gmail.com> writes:
>>> pax_log will be in future a generic pax related logging framework,
>>> with ratelimiting and other features. It will log user, IP, binary
>>> name, path, checksum, and others.
>>
>> What are you using this for? Are you sure you can't use ktrace? It's a
>> lot more flexible and powerful than you probably realize.
>
> Logging to system log, The feature will similar to this in grsecurity:
> http://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Kernel_Auditing
It sounds like you actually want to be writing audit events then. See audit(4).
David
More information about the freebsd-current
mailing list