| 1 |
On Fri, 16 Mar 2007 21:54:16 -0400 |
| 2 |
"Caleb Cushing" <xenoterracide@×××××.com> wrote: |
| 3 |
|
| 4 |
> are there any real advantages to using hardened sources if you aren't |
| 5 |
> applying any pax or grsecurity patches? given that you can get |
| 6 |
> selinux in regular gentoo sources. |
| 7 |
Hi, |
| 8 |
Current hardening scheme is broadly said in two places: |
| 9 |
1.kernel patches - PaX, grsec2, rsbac(incl. PaX), selinux; |
| 10 |
2.Building all userland apps "PIC&PIE" (SSP is already in gcc-4.1.X). |
| 11 |
PaX complements PIE very well, all the others are access-control tools. |
| 12 |
Very simplified explanation, here. |
| 13 |
HTH. Rumen |
| 14 |
-- |
| 15 |
gentoo-hardened@g.o mailing list |
Archives