1 |
Please try to Re: to the same thread vs starting a new one each time. |
2 |
|
3 |
On Thu, 2004-06-03 at 07:04, Steve B wrote: |
4 |
> |
5 |
> --- Ned Ludd <solar@g.o> wrote: |
6 |
> >loading x11 depends on options you enabled in the kernel. If you |
7 |
> >configured your kernel for PaX (PAGEEXEC/SEGMEXEC) then xfree is going |
8 |
> >to require extra permissions to run. We have patches that make xfree >not |
9 |
> >require extra permissions to run by using the dlloader. However |
10 |
> >unfortunately upstream has not been very respective. |
11 |
> |
12 |
> Is this patch a seperate ebuild that I will have to emerge? |
13 |
|
14 |
No.. |
15 |
|
16 |
> |
17 |
> >We will not answer this question. Our views are split on the subject. |
18 |
> >In the end it's best for the user to decide for him/herself based on >his/her needs. |
19 |
> |
20 |
> Fair enough. I know very little about grSecurity and basicly nothing about selinux so I will have to read up on the both of them before I can make a choice. |
21 |
> |
22 |
> >Require? No.. Is it ideal yes. Will it make your life eaiser? probably >not. |
23 |
> >Will you server be more secure than you started with. We sure fscking >hope so or we |
24 |
> >have been waisting our time rebuilding gcc/glibc/binutils and >bootstrapping on an |
25 |
> >almost daily basis over here. |
26 |
> |
27 |
> I am assuming by your response that it would proably be best if I started a build of Gentoo from scratch with hardened gcc. |
28 |
> Other than the security guide on the Gentoo site, are there any other good resources that you would recommend? Basicly I'm not really a secuirty expert |
29 |
> and I really want to know what I'm doing and at least a little of "why" before I jump into attempting to setup a secure gentoo installation again. |
30 |
|
31 |
I'd recommend reading the PaX docs from start to finish. The when your |
32 |
done do it again. After you finish that go read the last 10+ phracks. |
33 |
Rinse and repeat. |
34 |
|
35 |
|
36 |
|
37 |
> Thanks, |
38 |
> Steve |
39 |
> |
40 |
> |
41 |
> ______________________________________________________________________ |
42 |
> -- |
43 |
> gentoo-hardened@g.o mailing list |
44 |
-- |
45 |
Ned Ludd <solar@g.o> |
46 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |