| 1 |
> sorry for this, new guy in this gentoo business, I just wanted to ask |
| 2 |
> a few questions,I joined the mailing list because it said it was about |
| 3 |
> the hardened sources, and that's what I installed, but I wanted to |
| 4 |
> know what the diference is exactly ( you guys are talking on another |
| 5 |
> level!!) |
| 6 |
> |
| 7 |
> if this is not the place to ask this ( as it obviouly isn't a simple q |
| 8 |
> & a mailing list), then just tell me to take a hike , although i'd |
| 9 |
> still like to receive the emails, as a information only.. |
| 10 |
|
| 11 |
|
| 12 |
I guess have a look at http://hardened.gentoo.org. At least as I |
| 13 |
understand things: you have a couple of basic technologies that are |
| 14 |
being slowly fitted into modern distributions. You have kernels that |
| 15 |
can enforce access controls (selinux and grsecurity), and then you have |
| 16 |
a whole heap of clever ideas around randomising memory layouts, and |
| 17 |
adding various random markers into memory so that you can detect stack |
| 18 |
overflows. The later seems to be what a lot of people refer to as |
| 19 |
"hardened". |
| 20 |
|
| 21 |
The hardened sources have some of that included, but you have to turn it |
| 22 |
on when configuring your kernel. The point was that you can also have a |
| 23 |
lot of this stuff built into the app itself if you are using very recent |
| 24 |
versions of gcc and have the right compiler flags set |
| 25 |
|
| 26 |
Beyond that you need to read the docs and surf around a little... |
| 27 |
|
| 28 |
Good luck |
| 29 |
|
| 30 |
Ed W |
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-hardened@g.o mailing list |
Archives