| 1 |
Hi! |
| 2 |
|
| 3 |
On Tue, Nov 25, 2008 at 05:00:45PM +0200, Jan Klod wrote: |
| 4 |
> Suppose, I want to take some extra precautions and set up PaX&co and MAC on a |
| 5 |
> workstation with Xorg and other nice KDE apps (only some of which should be |
| 6 |
> granted access to files in folder X). I would like to read others opinion, if |
| 7 |
> I can get considerable security improvements or I will have to make that much |
| 8 |
> of exceptions to those good rules, as it makes protection too useless? |
| 9 |
|
| 10 |
Not sure about MAC, but GrSec + PaX + hardened toolchain is nice to have. |
| 11 |
Unlike MAC, it's ease to setup, and there only few applications require |
| 12 |
some weakening of security (using paxctl). |
| 13 |
I use hardened workstation configured this way for years. |
| 14 |
|
| 15 |
You can improve security further by running applications like web browser |
| 16 |
and e-mail client in chroot, but that's for true paranoiac. :) |
| 17 |
|
| 18 |
-- |
| 19 |
WBR, Alex. |
Archives