Gentoo Linux -- List Archive: gentoo-hardened

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647

List Archive: gentoo-hardened

Navigation:

Lists: gentoo-hardened: < Prev By Thread Next > < Prev By Date Next >

Headers:

To:	gentoo-hardened@g.o
From:	Javier J. Martínez Cabezón <tazok.id0@...>
Subject:	Re: "How hard" is Linux kernel-side hardening?
Date:	Mon, 21 Sep 2009 16:46:59 +0200

> Remember that RSBAC does not work with PaX on a recent kernels. If you
> really want more security with Linux, PaX is the first and the most
> important thing you should consider. It aims to prevent exploits from
> working, while MAC/RBAC/RSBAC fights the consequences in userspace and
> does little to protect against the kernel exploits.

RSBAC with PaX works with new kernels, you can patch it yourself or
you can download one kernel that is already patched from
http://enhanced.rsbac.org/2.6/2.6.31/.

> A server without PaX is barely a better choice.

The same as before, PaX runs with rsbac in new kernels

Replies:

Re: "How hard" is Linux kernel-side hardening?
-- Pavel Labushev

References:

"How hard" is Linux kernel-side hardening?
-- Marco Venutti

Re: "How hard" is Linux kernel-side hardening?
-- Pavel Labushev

Navigation:

Lists: gentoo-hardened: < Prev By Thread Next > < Prev By Date Next >

Previous by thread:

Re: "How hard" is Linux kernel-side hardening?

Next by thread:

Re: "How hard" is Linux kernel-side hardening?

Previous by date:

Re: "How hard" is Linux kernel-side hardening?

Next by date:

Re: "How hard" is Linux kernel-side hardening?

Updated Jun 28, 2012

Summary: Archive of the gentoo-hardened mailing list.

Donate to support our development efforts.