1 |
Hi! |
2 |
|
3 |
On Tue, Nov 25, 2008 at 05:00:45PM +0200, Jan Klod wrote: |
4 |
> Suppose, I want to take some extra precautions and set up PaX&co and MAC on a |
5 |
> workstation with Xorg and other nice KDE apps (only some of which should be |
6 |
> granted access to files in folder X). I would like to read others opinion, if |
7 |
> I can get considerable security improvements or I will have to make that much |
8 |
> of exceptions to those good rules, as it makes protection too useless? |
9 |
|
10 |
Not sure about MAC, but GrSec + PaX + hardened toolchain is nice to have. |
11 |
Unlike MAC, it's ease to setup, and there only few applications require |
12 |
some weakening of security (using paxctl). |
13 |
I use hardened workstation configured this way for years. |
14 |
|
15 |
You can improve security further by running applications like web browser |
16 |
and e-mail client in chroot, but that's for true paranoiac. :) |
17 |
|
18 |
-- |
19 |
WBR, Alex. |