1 |
> sorry for this, new guy in this gentoo business, I just wanted to ask |
2 |
> a few questions,I joined the mailing list because it said it was about |
3 |
> the hardened sources, and that's what I installed, but I wanted to |
4 |
> know what the diference is exactly ( you guys are talking on another |
5 |
> level!!) |
6 |
> |
7 |
> if this is not the place to ask this ( as it obviouly isn't a simple q |
8 |
> & a mailing list), then just tell me to take a hike , although i'd |
9 |
> still like to receive the emails, as a information only.. |
10 |
|
11 |
|
12 |
I guess have a look at http://hardened.gentoo.org. At least as I |
13 |
understand things: you have a couple of basic technologies that are |
14 |
being slowly fitted into modern distributions. You have kernels that |
15 |
can enforce access controls (selinux and grsecurity), and then you have |
16 |
a whole heap of clever ideas around randomising memory layouts, and |
17 |
adding various random markers into memory so that you can detect stack |
18 |
overflows. The later seems to be what a lot of people refer to as |
19 |
"hardened". |
20 |
|
21 |
The hardened sources have some of that included, but you have to turn it |
22 |
on when configuring your kernel. The point was that you can also have a |
23 |
lot of this stuff built into the app itself if you are using very recent |
24 |
versions of gcc and have the right compiler flags set |
25 |
|
26 |
Beyond that you need to read the docs and surf around a little... |
27 |
|
28 |
Good luck |
29 |
|
30 |
Ed W |
31 |
|
32 |
-- |
33 |
gentoo-hardened@g.o mailing list |