| 1 |
On Thu, 2006-06-29 at 22:27 +0200, Kevin F. Quinn wrote: |
| 2 |
> On Thu, 29 Jun 2006 11:19:10 -0400 |
| 3 |
> Ned Ludd <solar@g.o> wrote: |
| 4 |
> |
| 5 |
> > How you you/we feel about p.masking nvidia-glx and friends in the |
| 6 |
> > hardened profiles? They do nothing but cause us heartache anyway and |
| 7 |
> > we are mostly powerless to fix them unless we are willing to spend a |
| 8 |
> > a lot of time reverse engineering the object code. |
| 9 |
> |
| 10 |
> Sounds good to me. Anyone using a hardened profile is implicitly |
| 11 |
> sacrificing performance & functionality for the hardening - if they |
| 12 |
> don't want to make that sacrifice they can use the default-linux |
| 13 |
> profiles (or just unmask locally). I think one role of the hardened |
| 14 |
> profiles is to protect users from some stuff that may compromise the |
| 15 |
> very stuff the hardened profile puts in place. |
| 16 |
> |
| 17 |
> If we were to follow this to its logical conclusion, we would |
| 18 |
> p.mask anything that has TEXTRELs or needs executable stack/heap etc - |
| 19 |
> users can still include such stuff by unmasking locally, but at least |
| 20 |
> they are aware they are making a compromise. |
| 21 |
> |
| 22 |
> (btw did you mean to send that to -core as well? not sure so I've |
| 23 |
> replied privately - if you did mean to send to -core as well feel free |
| 24 |
> to quote me) |
| 25 |
|
| 26 |
Pretty sure I initially did a reply to all. No matter however if I did |
| 27 |
not as it's more a topic for the hardened list. |
| 28 |
|
| 29 |
Heads up to nvidia users... If you use nvidia-glx and a hardened profile |
| 30 |
it's going to be package.masked |
| 31 |
|
| 32 |
-- |
| 33 |
Ned Ludd <solar@g.o> |
| 34 |
Gentoo Linux |
| 35 |
|
| 36 |
-- |
| 37 |
gentoo-hardened@g.o mailing list |
Archives