| 1 |
Mike Kazantsev schrieb: |
| 2 |
> On Sat, 22 Aug 2009 21:11:10 +0200 |
| 3 |
> Florian Philipp <lists@f_philipp.fastmail.net> wrote: |
| 4 |
> |
| 5 |
>> I'm wondering what you think about CFLAGS="-fstack-protector"? Do you |
| 6 |
>> use it on security critical systems? Do you compile your kernel with it |
| 7 |
>> (2.6.30+)? Is the performance decrease noticeable? |
| 8 |
> |
| 9 |
> I might be missing a point, but if you want really secure kernel, why'd |
| 10 |
> you use 2.6.30+ instead of hardened-sources something like PaX and |
| 11 |
> grsecurity? |
| 12 |
> |
| 13 |
|
| 14 |
In this particular case, the system is a vserver client. The kernel is |
| 15 |
out of my reach. I only have control about userspace. |
| 16 |
|
| 17 |
In general, I thought this might be a simple improvement which doesn't |
| 18 |
need all the fuzz a hardened system would need (esp. for desktop systems |
| 19 |
and such alike). |
Archives