1 |
On Sun, 2004-05-30 at 10:08, Steve B wrote: |
2 |
> Hello. A while ago I attempted to secure gentoo following the Gentoo |
3 |
> Security Guide and grSecurity. Everything went ok but I obviously did |
4 |
> not understand grSecurity (I could not get x11 to load or lots of other |
5 |
> apps). |
6 |
|
7 |
loading x11 depends on options you enabled in the kernel. If you |
8 |
configured your kernel for PaX (PAGEEXEC/SEGMEXEC) then xfree is going |
9 |
to require extra permissions to run. We have patches that make xfree not |
10 |
require extra permissions to run by using the dlloader. However |
11 |
unfortunately upstream has not been very respective. |
12 |
|
13 |
> Anyways I am going to attempt the process again but before I |
14 |
> start I would be interested to hear whether grSecurity or selinux is |
15 |
> prefered. |
16 |
|
17 |
We will not answer this question. Our views are split on the subject. |
18 |
In the end it's best for the user to decide for him/herself based on his/her needs. |
19 |
|
20 |
> Also what about hardened gcc? |
21 |
|
22 |
> If I wanted to use hardened gcc |
23 |
> wouldn't that require me to re bootstrap the system? |
24 |
|
25 |
Require? No.. Is it ideal yes. Will it make your life eaiser? probably not. |
26 |
Will you server be more secure than you started with. We sure fscking hope so or we |
27 |
have been waisting our time rebuilding gcc/glibc/binutils and bootstrapping on an |
28 |
almost daily basis over here. |
29 |
|
30 |
> Thanks, |
31 |
> Steve |
32 |
> -- |
33 |
> Laugh, and the world ignores you. Crying doesn't help either. |
34 |
> |
35 |
> |
36 |
> -- |
37 |
> gentoo-hardened@g.o mailing list |
38 |
|
39 |
-- |
40 |
|
41 |
Ned Ludd <solar@g.o> |
42 |
|
43 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |