Letsencrypt and asl

Posted: Sun Apr 03, 2016 8:55 am
by biggles
Trying out letsencrypt. The letsencrypt binaries seem to trigger "Denied a RWX mmap event." The same thing happens running it from a command line installation.

Code:

serverXX kernel: grsec: From xxx.yyy.zzz.xxx: denied RWX mmap of <anonymous mapping> by /usr/local/psa/var/modules/letsencrypt/venv.SCBBK/bin/letsencrypt[letsencrypt:22626] uid/euid:501/501 gid/egid:0/0, parent /usr/bin/sw-engine[sw-engine:22620] uid/euid:501/501 gid/egid:0/0
Anyone found a way around it? Tried the execstack -c command without success.

Re: Letsencrypt and asl

Posted: Thu Apr 07, 2016 3:42 pm
by mikeshinn
If removing the execstack flag still gives you this alert when the application runs, then that means the application needs to punch that hole in your system to run. This alert means that the app is trying to create a writeable and executable memory mapping, which makes it possible for a bad guy to inject new executable code into the task's address space. It's pretty rare to see anything try to do that any more, and extremely rare for anything to actually need to do that. But if this vendor can't write it in a more secure manner you'll have to let it do that. It doesn't make much sense to me why it would need to do that given what this app does. See solution 3 in this article if you trust the application has no vulnerabilities and want to let them do that (again, this opens a hole in your system, so doing this shouldn't be done lightly, and let them know this is a concern you have):

https://www.atomicorp.com/wiki/index.ph ... olutions_2

Re: Letsencrypt and asl

Posted: Fri Apr 08, 2016 3:18 am
by biggles
One of the problems is that I really don't understand which application should be granted execstack.

/usr/local/psa/var/modules/letsencrypt/venv.SCBBK/bin/letsencrypt is not an ELF.
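Triage helper for the two points raised above, the meaning of the grsec RWX denial and the question of which file is actually the ELF to inspect; this is added example code, not from the thread or from Atomicorp, and it assumes the denial line format shown in the first post (the sample below is that line) plus a constructed ELF64 image for the stack-flag check.

```python
import re
import struct

PT_GNU_STACK, PF_X = 0x6474E551, 0x1  # ELF program-header type and its "executable" flag
# Sample input: the denial line quoted in the first post of the thread.
SAMPLE_LOG = (
    "serverXX kernel: grsec: From xxx.yyy.zzz.xxx: denied RWX mmap of <anonymous mapping> by "
    "/usr/local/psa/var/modules/letsencrypt/venv.SCBBK/bin/letsencrypt[letsencrypt:22626] "
    "uid/euid:501/501 gid/egid:0/0, parent /usr/bin/sw-engine[sw-engine:22620] uid/euid:501/501 gid/egid:0/0"
)
# Layout of a grsec RWX denial: task image[comm:pid], its ids, then the parent the same way.
GRSEC_RWX = re.compile(
    r"grsec: (?:From (?P<src>\S+): )?denied RWX (?P<op>mmap|mprotect) of (?P<target>.+?) "
    r"by (?P<exe>\S+?)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:(?P<gid>\d+)/(?P<egid>\d+), "
    r"parent (?P<pexe>\S+?)\[(?P<pcomm>[^:\]]+):(?P<ppid>\d+)\]"
)

def parse_rwx_denial(line):
    """Fields of one denial line as a dict (numeric ids as int), or None if not a denial."""
    m = GRSEC_RWX.search(line)
    if not m:
        return None
    return {k: int(v) if k in ("pid", "uid", "euid", "gid", "egid", "ppid") else v
            for k, v in m.groupdict().items()}

def image_to_inspect(exe_path, head):
    """File the ELF-level checks belong to, given the first bytes of exe_path: a '#!' script
    is run by its interpreter, which (with any native extension it loads) does the mapping."""
    if head.startswith(b"#!"):
        words = head.split(b"\n", 1)[0][2:].split()
        return words[0].decode(errors="replace") if words else None
    return exe_path if head.startswith(b"\x7fELF") else None

def gnu_stack_executable(elf):
    """True if an ELF64's PT_GNU_STACK asks for an executable stack (what `execstack -c` clears)."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:
        raise ValueError("not an ELF64 image")
    end = "<" if elf[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    e_phoff = struct.unpack_from(end + "Q", elf, 0x20)[0]
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from(end + "II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return bool(p_flags & PF_X)
    return None  # no PT_GNU_STACK header at all

def fake_elf64(stack_flags):
    """Constructed minimal little-endian ELF64 with one PT_GNU_STACK header (sample input only)."""
    ehdr = struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0)
    return b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9 + ehdr + phdr
```

On a live host, feed `image_to_inspect` the first line of the file named in the `exe` field and `gnu_stack_executable` the bytes of whatever it points at (or of the extension modules under the venv's lib directory); a mapping that is still denied with the stack flag clear is the case the second post describes, where the program requests RWX memory at run time.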