| 1 |
On Sun, 2004-05-30 at 10:08, Steve B wrote: |
| 2 |
> Hello. A while ago I attempted to secure gentoo following the Gentoo |
| 3 |
> Security Guide and grSecurity. Everything went ok but I obviously did |
| 4 |
> not understand grSecurity (I could not get x11 to load or lots of other |
| 5 |
> apps). |
| 6 |
|
| 7 |
loading x11 depends on options you enabled in the kernel. If you |
| 8 |
configured your kernel for PaX (PAGEEXEC/SEGMEXEC) then xfree is going |
| 9 |
to require extra permissions to run. We have patches that make xfree not |
| 10 |
require extra permissions to run by using the dlloader. However |
| 11 |
unfortunately upstream has not been very respective. |
| 12 |
|
| 13 |
> Anyways I am going to attempt the process again but before I |
| 14 |
> start I would be interested to hear whether grSecurity or selinux is |
| 15 |
> prefered. |
| 16 |
|
| 17 |
We will not answer this question. Our views are split on the subject. |
| 18 |
In the end it's best for the user to decide for him/herself based on his/her needs. |
| 19 |
|
| 20 |
> Also what about hardened gcc? |
| 21 |
|
| 22 |
> If I wanted to use hardened gcc |
| 23 |
> wouldn't that require me to re bootstrap the system? |
| 24 |
|
| 25 |
Require? No.. Is it ideal yes. Will it make your life eaiser? probably not. |
| 26 |
Will you server be more secure than you started with. We sure fscking hope so or we |
| 27 |
have been waisting our time rebuilding gcc/glibc/binutils and bootstrapping on an |
| 28 |
almost daily basis over here. |
| 29 |
|
| 30 |
> Thanks, |
| 31 |
> Steve |
| 32 |
> -- |
| 33 |
> Laugh, and the world ignores you. Crying doesn't help either. |
| 34 |
> |
| 35 |
> |
| 36 |
> -- |
| 37 |
> gentoo-hardened@g.o mailing list |
| 38 |
|
| 39 |
-- |
| 40 |
|
| 41 |
Ned Ludd <solar@g.o> |
| 42 |
|
| 43 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |
Archives