| 1 |
On Tuesday 25 November 2008 17:56:41 Alex Efros wrote: |
| 2 |
> Hi! |
| 3 |
> |
| 4 |
> On Tue, Nov 25, 2008 at 05:00:45PM +0200, Jan Klod wrote: |
| 5 |
> > Suppose, I want to take some extra precautions and set up PaX&co and MAC |
| 6 |
> > on a workstation with Xorg and other nice KDE apps (only some of which |
| 7 |
> > should be granted access to files in folder X). I would like to read |
| 8 |
> > others opinion, if I can get considerable security improvements or I will |
| 9 |
> > have to make that much of exceptions to those good rules, as it makes |
| 10 |
> > protection too useless? |
| 11 |
> |
| 12 |
> Not sure about MAC, but GrSec + PaX + hardened toolchain is nice to have. |
| 13 |
> Unlike MAC, it's ease to setup, and there only few applications require |
| 14 |
> some weakening of security (using paxctl). |
| 15 |
> I use hardened workstation configured this way for years. |
| 16 |
|
| 17 |
Could you post a list of apps, that need PaX lifted? |
| 18 |
|
| 19 |
Also there is another question: has anyone made some benchmarks to see how |
| 20 |
much raw computing power (CPU+RAM access, which happen during some purely |
| 21 |
computational task) decreases? |
Archives