On Thu, 2006-06-29 at 22:27 +0200, Kevin F. Quinn wrote:
> On Thu, 29 Jun 2006 11:19:10 -0400
> Ned Ludd <solar@g.o> wrote:
>
> > How do you/we feel about p.masking nvidia-glx and friends in the
> > hardened profiles? They do nothing but cause us heartache anyway and
> > we are mostly powerless to fix them unless we are willing to spend
> > a lot of time reverse engineering the object code.
>
> Sounds good to me. Anyone using a hardened profile is implicitly
> sacrificing performance & functionality for the hardening - if they
> don't want to make that sacrifice they can use the default-linux
> profiles (or just unmask locally). I think one role of the hardened
> profiles is to protect users from some stuff that may compromise the
> very stuff the hardened profile puts in place.
>
> If we were to follow this to its logical conclusion, we would
> p.mask anything that has TEXTRELs or needs executable stack/heap etc -
> users can still include such stuff by unmasking locally, but at least
> they are aware they are making a compromise.
>
> (btw did you mean to send that to -core as well? not sure so I've
> replied privately - if you did mean to send to -core as well feel free
> to quote me)

Pretty sure I initially did a reply to all. No matter however if I did
not as it's more a topic for the hardened list.

Heads up to nvidia users... If you use nvidia-glx and a hardened profile
it's going to be package.masked

--
Ned Ludd <solar@g.o>
Gentoo Linux

--
gentoo-hardened@g.o mailing list