Gentoo Archives: gentoo-hardened

From: "Javier J. Martínez Cabezón" <tazok.id0@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening?
Date: Mon, 21 Sep 2009 14:47:08
Message-Id: 897813410909210746y12142337ldb1b6ee9fdf60067@mail.gmail.com
In Reply to: Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening? by Pavel Labushev

> Remember that RSBAC does not work with PaX on recent kernels. If you
> really want more security with Linux, PaX is the first and the most
> important thing you should consider. It aims to prevent exploits from
> working, while MAC/RBAC/RSBAC fights the consequences in userspace and
> does little to protect against the kernel exploits.

RSBAC with PaX works with new kernels; you can patch it yourself or you can download a kernel that is already patched from http://enhanced.rsbac.org/2.6/2.6.31/.

> A server without PaX is barely a better choice.

The same as before: PaX runs with RSBAC in new kernels.
