[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#810479: RFP: paxrat -- PaX exception daemon for Debian packages

Package: wnpp
X-Debbugs-CC: desktops@secure-os.org

* Package name: paxrat
   Version         : 1
   Upstream Author : David McKinney <mckinney@subgraph>
* URL               : https://github.com/subgraph/paxrat
* License         : GPLv3
   Programming Lang: Go
   Description  : PaX exception daemon for Debian packages.

The newly packaged grsec kernel makes it easier for anyone to run a more secure kernel. However some major packages like Iceweasel/Tor Browser, JIT interpreters and main components of Gnome and KDE require PaX exceptions because they are not compatible with memory protection features of the enhanced kernel.

Paxrat from the SubgraphOS project is a daemon that maintains and applies rules from an exception list. It has dpkg hooks for taking care of binaries even when updated. [2]

Paxrat is implemented in GoLang and is simple to use.

Also a Grsecurity kernel maintainer is interested to have paxrat packaged. [1]

Please consider packaging it forJessie-backports too to compliment the backported linux-grsec package for stable installations.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090#487
[2] https://github.com/subgraph/paxrat/blob/master/etc/apt/apt.conf.d/70paxrat

Reply to: