| 1 |
On сб, 2004-09-18 at 20:01, Thierry Carrez wrote: |
| 2 |
> Alexander Gabert wrote: |
| 3 |
> |
| 4 |
> > But, in my eyes, you are underestimating the negative impact of that |
| 5 |
> > decision on people |
| 6 |
> > successfully using the solution. |
| 7 |
> > |
| 8 |
> > Do you need success stories for letting it continue? |
| 9 |
> > Do you need mails of people that tell you: good job, things broke left and |
| 10 |
> > right of me, but i am a proud owner of a hardened gcc. |
| 11 |
> > |
| 12 |
> > You and me know that you will never get such mails. |
| 13 |
> |
| 14 |
> It works, it's great, it never failed for me, and I think it's a great |
| 15 |
> asset to have in a metadistribution environment like Gentoo. |
| 16 |
> |
| 17 |
> Maybe there is a problem of scope. It's probably too much work to have |
| 18 |
> it work/documented for the default user to use on a general-purpose |
| 19 |
> workstation, where xfree/mplayer/whatever will break or where the user |
| 20 |
> won't read the F manual. Maybe the scope should be server/router |
| 21 |
> environments only, so that the number of packages to check and support |
| 22 |
> would be more reasonable and the user level would be higher... |
| 23 |
Hi All, |
| 24 |
i've been using hardened platform for about a year. Firstly through |
| 25 |
CFLAGS in make.conf, later by using hardened toolchain. |
| 26 |
It's not a server, something special just my only home computer, i use |
| 27 |
it for everything - including music, video etc. |
| 28 |
Quite always there is a price u have to pay to use some things. Example |
| 29 |
is that i used Xorg compiled static to get X on my desktop. Didn't have |
| 30 |
3-D accel. but it worked, and whats more i was using full PaX-protection |
| 31 |
+ grsec2 and hardened GCC. |
| 32 |
Don't know about the others but i have maybe no more then 10 bugs for a |
| 33 |
month, more or less (rarely due to using hardened). Frankly sometimes |
| 34 |
ever forget that i'm using a hardened system. |
| 35 |
It's true for some time there are more and longer standing (nasty |
| 36 |
hardened) bugs, but hope later there will be less, the life isn't always |
| 37 |
nice. |
| 38 |
PS: about the help needed, sorry for the moment can't help (no asm |
| 39 |
experience, nor ELF-binaries knowledge etc). Maybe some documentation or |
| 40 |
testing, don't know. |
| 41 |
Truly think hardened is a great thing in Gentoo and it works, just see |
| 42 |
all major hardened projects (grsec2, RSBAC, SElinux) are here. |
| 43 |
Just my experience and point of view. |
| 44 |
Thanks |
| 45 |
Rumen |
Archives