1 |
Hi! |
2 |
|
3 |
On Fri, Jun 30, 2006 at 01:08:10PM +0200, pageexec@××××××××.hu wrote: |
4 |
> > Heads up to nvidia users... If you use nvidia-glx and a hardened profile |
5 |
> > it's going to be package.masked |
6 |
> does it have to be that drastic? how about CONFIG_CHECK="~PAX_NOELFRELOCS" |
7 |
> in the ebuilds? |
8 |
|
9 |
I think users should decide which level of security they need. Choice |
10 |
between 'don't use hardened' or 'don't use nvidia drivers' sounds very |
11 |
undesirable. |
12 |
|
13 |
For example, I don't use nvidia drivers, but I use ati drivers - which |
14 |
require Xorg compiled with vanilla gcc. :-( I prefer to have at home |
15 |
hardened system with some weak places (Xorg compiled with vanilla gcc; |
16 |
some paxctl/chpax for mplayer/xine/xmms/skype) than have no hardened at all. |
17 |
|
18 |
And this isn't just question of trading performance to security: I need |
19 |
ati drivers because core Xorg driver doesn't support TvOUT and because |
20 |
core Xorg driver too slow to support quick switching between virtual |
21 |
desktops (my X configured to simulate text console environment with |
22 |
switching between full-screen xterm's running in different virtual |
23 |
desktops using Alt-Fx). So this is question of trading [critical] |
24 |
functionality to security, not just performance. |
25 |
|
26 |
But, as far as I understand, it isn't "that drastic" because user can just |
27 |
unmask nvidia drivers and continue using both hardened and nvidia drivers..? |
28 |
|
29 |
-- |
30 |
WBR, Alex. |
31 |
-- |
32 |
gentoo-hardened@g.o mailing list |