| 1 |
Hi! |
| 2 |
|
| 3 |
On Fri, Jun 30, 2006 at 01:08:10PM +0200, pageexec@××××××××.hu wrote: |
| 4 |
> > Heads up to nvidia users... If you use nvidia-glx and a hardened profile |
| 5 |
> > it's going to be package.masked |
| 6 |
> does it have to be that drastic? how about CONFIG_CHECK="~PAX_NOELFRELOCS" |
| 7 |
> in the ebuilds? |
| 8 |
|
| 9 |
I think users should decide which level of security they need. Choice |
| 10 |
between 'don't use hardened' or 'don't use nvidia drivers' sounds very |
| 11 |
undesirable. |
| 12 |
|
| 13 |
For example, I don't use nvidia drivers, but I use ati drivers - which |
| 14 |
require Xorg compiled with vanilla gcc. :-( I prefer to have at home |
| 15 |
hardened system with some weak places (Xorg compiled with vanilla gcc; |
| 16 |
some paxctl/chpax for mplayer/xine/xmms/skype) than have no hardened at all. |
| 17 |
|
| 18 |
And this isn't just question of trading performance to security: I need |
| 19 |
ati drivers because core Xorg driver doesn't support TvOUT and because |
| 20 |
core Xorg driver too slow to support quick switching between virtual |
| 21 |
desktops (my X configured to simulate text console environment with |
| 22 |
switching between full-screen xterm's running in different virtual |
| 23 |
desktops using Alt-Fx). So this is question of trading [critical] |
| 24 |
functionality to security, not just performance. |
| 25 |
|
| 26 |
But, as far as I understand, it isn't "that drastic" because user can just |
| 27 |
unmask nvidia drivers and continue using both hardened and nvidia drivers..? |
| 28 |
|
| 29 |
-- |
| 30 |
WBR, Alex. |
| 31 |
-- |
| 32 |
gentoo-hardened@g.o mailing list |
Archives