| 1 |
--- Ned Ludd <solar@g.o> wrote: |
| 2 |
>loading x11 depends on options you enabled in the kernel. If you |
| 3 |
>configured your kernel for PaX (PAGEEXEC/SEGMEXEC) then xfree is going |
| 4 |
>to require extra permissions to run. We have patches that make xfree >not |
| 5 |
>require extra permissions to run by using the dlloader. However |
| 6 |
>unfortunately upstream has not been very respective. |
| 7 |
|
| 8 |
Is this patch a seperate ebuild that I will have to emerge? |
| 9 |
|
| 10 |
>We will not answer this question. Our views are split on the subject. |
| 11 |
>In the end it's best for the user to decide for him/herself based on >his/her needs. |
| 12 |
|
| 13 |
Fair enough. I know very little about grSecurity and basicly nothing about selinux so I will have to read up on the both of them before I can make a choice. |
| 14 |
|
| 15 |
>Require? No.. Is it ideal yes. Will it make your life eaiser? probably >not. |
| 16 |
>Will you server be more secure than you started with. We sure fscking >hope so or we |
| 17 |
>have been waisting our time rebuilding gcc/glibc/binutils and >bootstrapping on an |
| 18 |
>almost daily basis over here. |
| 19 |
|
| 20 |
I am assuming by your response that it would proably be best if I started a build of Gentoo from scratch with hardened gcc. Other than the security guide on the Gentoo site, are there any other good resources that you would recommend? Basicly I'm not really a secuirty expert and I really want to know what I'm doing and at least a little of "why" before I jump into attempting to setup a secure gentoo installation again. |
| 21 |
|
| 22 |
Thanks, |
| 23 |
Steve |
Archives