| 1 |
On Fri, 2003-11-21 at 05:16, Viktors Rotanovs wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> few questions for the list. |
| 5 |
> What's the status of hardened stages? |
| 6 |
> Readme file states that they're not ready for production use yet - is it |
| 7 |
> possible to disable some features and use them for production anyway? |
| 8 |
|
| 9 |
I think they are fairly stable, I've been running a webserver for a few |
| 10 |
weeks built from the the stages. In reality not much changes in the |
| 11 |
hardened stages vs default-x86-1.4 ones. It's basically a rebuild of |
| 12 |
system with a hgcc enabled userland. |
| 13 |
|
| 14 |
They wont be ready for production use till we have a way to make gentoo |
| 15 |
truly support pamless installs as we would like to turn pam off at the |
| 16 |
stage1 and leave it to the admin to decide if she/he wants to use pam or |
| 17 |
not.. Right that leaves us with just shadow5 in the way. Other than that |
| 18 |
we just need people testing them. |
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
> Does it make sense to use hardened gcc together with GRSecurity |
| 24 |
> (segment-based protection is turned on)? |
| 25 |
> |
| 26 |
yes |
| 27 |
|
| 28 |
> Hope that's not too much for one e-mail :) |
| 29 |
> |
| 30 |
> Best Wishes, |
| 31 |
> Viktors |
| 32 |
> |
| 33 |
> PS: is this list archived somewhere? |
| 34 |
> |
| 35 |
> |
| 36 |
> -- |
| 37 |
> gentoo-hardened@g.o mailing list |
| 38 |
|
| 39 |
-- |
| 40 |
Ned Ludd <solar@g.o> |
| 41 |
Gentoo Linux Developer |
Archives