1 |
On Fri, 16 Mar 2007 21:54:16 -0400 |
2 |
"Caleb Cushing" <xenoterracide@×××××.com> wrote: |
3 |
|
4 |
> are there any real advantages to using hardened sources if you aren't |
5 |
> applying any pax or grsecurity patches? given that you can get |
6 |
> selinux in regular gentoo sources. |
7 |
Hi, |
8 |
Current hardening scheme is broadly said in two places: |
9 |
1.kernel patches - PaX, grsec2, rsbac(incl. PaX), selinux; |
10 |
2.Building all userland apps "PIC&PIE" (SSP is already in gcc-4.1.X). |
11 |
PaX complements PIE very well, all the others are access-control tools. |
12 |
Very simplified explanation, here. |
13 |
HTH. Rumen |
14 |
-- |
15 |
gentoo-hardened@g.o mailing list |