Gentoo Archives: gentoo-dev

From: Simon Strandman <simon.strandman@×××××.com>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Modular X and hardened
Date: Sat, 13 May 2006 09:38:41
Message-Id: 4465A7C1.2060302@telia.com
In Reply to: Re: [gentoo-dev] Modular X and hardened by "Kevin F. Quinn (Gentoo)"
Kevin F. Quinn (Gentoo) wrote:
> On Fri, 12 May 2006 10:49:22 +0200
> Simon Strandman <simon.strandman@×××××.com> wrote:
>
>
>> I installed modular X on my server running hardened.
>>
>
> X on a server? If it's just for the libs that's ok, but running the X
> server itself is risky on a server as it's huge and suid so flaws can
> easily gain root access. One such was discovered just the other week
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526).
>
I have my reasons. I need to run VNC on it.
>
>> It was quite
>> annoying to have to switch back and forth between the vanilla gcc and
>> the hardened. I couldn't leave it on compiling over the night but had
>> to monitor it all the time. Is this really necessary? Why can't the
>> modular X eclass just append the appropriate CFLAGS/LDFLAGS that
>> disables bind now or whatever it is that breaks X instead?
>>
>
> It could, if we had the time to get it working. It should work
> passing '-nonow' to all invocations of gcc that do linking of relevant
> bits, but for some reason when people have tried that it hasn't worked -
> see bug #110506. We (hardened) haven't had the time to investigate
> further, and we don't want to complicate the stabilisation effort of
> modular X (which is a big enough job as it is) so we've left it as it
> is for the moment. We'll probably start looking at it again once it
> becomes stable (also upstream have a pending task to resolve the issue
> properly, but don't hold your breath).
>
> P.S. there's a hardened mailing list that is relevant.
>
Ok, thanks for the explanation! I'll keep track of that bug.


--
Simon Strandman - simon.strandman(a)telia.com

--
gentoo-dev@g.o mailing list

Replies

Subject Author
Re: [gentoo-dev] Modular X and hardened "Kevin F. Quinn (Gentoo)" <kevquinn@g.o>