| 1 |
On 10/20/2011 08:57 AM, Mike Frysinger wrote: |
| 2 |
> On Thursday 20 October 2011 08:41:55 Rich Freeman wrote: |
| 3 |
>> 2011/10/20 Tomáš Chvátal: |
| 4 |
>>> I would say that most hardened features should be merged to to main |
| 5 |
>>> profile as soon as they won't cause major PITA for the regular users. |
| 6 |
>> I agree - especially for stuff that doesn't require active setup |
| 7 |
>> (stack protection, PaX, etc). |
| 8 |
> except PaX requires kernel patches and is known to break things. not an |
| 9 |
> acceptable default. |
| 10 |
> -mike |
| 11 |
I would not recommend PaX at this time. As Mike said, it breaks things, |
| 12 |
sometimes important things. Eg. python ctypes was broken there for a |
| 13 |
while on hardened. Also, unlike toolchain, it requires that you |
| 14 |
configure your kernel correctly, ie have familiarity with what works and |
| 15 |
what doesn't under certain PaX features. This may be trivial for us, |
| 16 |
but might be more than we want to put newbies through. |
| 17 |
|
| 18 |
-- |
| 19 |
Anthony G. Basile, Ph.D. |
| 20 |
Gentoo Linux Developer [Hardened] |
| 21 |
E-Mail : blueness@g.o |
| 22 |
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 |
| 23 |
GnuPG ID : D0455535 |
Archives