Gentoo Archives: gentoo-hardened

From: Marco Venutti <veeenrg@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening?
Date: Mon, 21 Sep 2009 15:10:37
Message-Id: 478d5e250909210810g617fc109s51503f21cea9c693@mail.gmail.com
In Reply to: Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening? by Pavel Labushev
--[cut]--
Remember that RSBAC does not work with PaX on a recent kernels.
--[cut]--

Thank you, 'cause this point
(the presence of a usable PaX)
is important to me!

--[cut]--
While there are some problems with keeping hardened-sources up
to date in Portage. ;) So you better use kernel patches from here:
http://www.grsecurity.net/~spender/ <http://www.grsecurity.net/%7Espender/>
--[cut]--

I see the GR-Security, provided in Hardened Gentoo,
is not the bare patch, but an "itself-patched" version,
so I'm wondering if these improvements become
part of the (following releases of the) official patch,
or not; I'm asking this just because, if improvements
are not included in the official patch, maybe it's better,
for me, to use the gentoo-hardened-kernel-source,
not-so-up-to-date, but improved!
What do you think about this?

Replies

Subject Author
Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening? RB <aoz.syn@×××××.com>