| 1 |
On Thursday, January 22, 2009 20:05:09 7v5w7go9ub0o wrote: |
| 2 |
> I expect to assemble a small I7 in a week or so. My initial thought is |
| 3 |
> to use a 64 bit OS: |
| 4 |
> |
| 5 |
> 1. Does anyone have an I7 running a hardened profile/kernel? If so, any |
| 6 |
> tips, please. |
| 7 |
> |
| 8 |
|
| 9 |
Not me and haven't heard any reports. Maybe you'll be the first. :) |
| 10 |
|
| 11 |
> 2. Will the current gcc 3.4.6-r2 still function well, or should I forgo |
| 12 |
> propolice/ssp and go to 4.3.2-r2 'til the new hardened profile updates |
| 13 |
> the compiler? |
| 14 |
|
| 15 |
gcc-3.4.6-r2 should continue to work. You just won't be to brag |
| 16 |
omg-I'm-so-super-31337-optimized. |
| 17 |
|
| 18 |
> |
| 19 |
> 3. I'd ....... guess ........ that I'd need a recent kernel e.g. |
| 20 |
> 2.6.27-r4 for grsecurity!? |
| 21 |
|
| 22 |
Yeah, you'll probably want 2.6.27 at minimum, 2.6.28 more likely. Even then |
| 23 |
you might not have support for everything (sensor chips, etc.). Enabling |
| 24 |
hyperthreading will likely cause instability/crashes due to a conflict with |
| 25 |
PaX. Feel free to report a bug if you're willing to take instructions, do |
| 26 |
test-and-retest cycles to help to debug it. If that is the case, I'd suggest |
| 27 |
leaving Hyperthreading disabled and ensuring your system's health initially |
| 28 |
(memtest, emerges, etc.) so as not to cause confusion/interference. |
| 29 |
|
| 30 |
> |
| 31 |
> 4. IIUC, some folks are working on a hardened 4.3.2(?) profile; is that |
| 32 |
> ready for prime time/ or ready for beta? |
| 33 |
> |
| 34 |
|
| 35 |
It's unmasked in hardened profiles and in a 'testing' stage. PIC/PIE seems to |
| 36 |
work. It isn't marked stable, so no its not ready for distro-wide 'prime |
| 37 |
time' but feel free to test it out (non-production preferably) if you are |
| 38 |
comfortable fixing things if/when they break. |
| 39 |
|
| 40 |
> |
| 41 |
> TIA |
| 42 |
|
| 43 |
Welcome, sorry for the delay and short responses. |
| 44 |
|
| 45 |
Gordon Malm (gengor) |
Archives