1 |
Mike Kazantsev schrieb: |
2 |
> On Sat, 22 Aug 2009 21:11:10 +0200 |
3 |
> Florian Philipp <lists@f_philipp.fastmail.net> wrote: |
4 |
> |
5 |
>> I'm wondering what you think about CFLAGS="-fstack-protector"? Do you |
6 |
>> use it on security critical systems? Do you compile your kernel with it |
7 |
>> (2.6.30+)? Is the performance decrease noticeable? |
8 |
> |
9 |
> I might be missing a point, but if you want really secure kernel, why'd |
10 |
> you use 2.6.30+ instead of hardened-sources something like PaX and |
11 |
> grsecurity? |
12 |
> |
13 |
|
14 |
In this particular case, the system is a vserver client. The kernel is |
15 |
out of my reach. I only have control about userspace. |
16 |
|
17 |
In general, I thought this might be a simple improvement which doesn't |
18 |
need all the fuzz a hardened system would need (esp. for desktop systems |
19 |
and such alike). |