On Thu, 22 Jul 2010 23:25:10 +0800
Pavel Labushev <p.labushev@gmail.com> wrote:

> 22.07.2010 19:52, "Tóth Attila" пишет:
> 
> > 1. What is the neat way of detecting PaX running on a system?
> 
> To check /proc/self/status for "PaX:". That's what host-is-pax from
> pax-utils.eclass does.
> 

On Thu, 22 Jul 2010 07:08:30 -0700
Kyle Bader <kyle.bader@gmail.com> wrote:

> > https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2092
> > http://bugs.gentoo.org/show_bug.cgi?id=326199
> >
> > https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2092#c39
> > It raises two questions:
> > 1. What is the neat way of detecting PaX running on a system?
> 
> http://tk-blog.blogspot.com/2009/02/checksec.html
> 
> > 2. Edwin Török says PaX allows RWX mapping and kills the program
> > after that.
> 
> http://pax.grsecurity.net/docs/pageexec.txt
> 

Thanks. I have implemented PaX detection, see attached patch.

I'll commit it shortly to the ClamAV repository.

Best regards,
--Edwin