1 |
On Tuesday 25 November 2008 17:56:41 Alex Efros wrote: |
2 |
> Hi! |
3 |
> |
4 |
> On Tue, Nov 25, 2008 at 05:00:45PM +0200, Jan Klod wrote: |
5 |
> > Suppose, I want to take some extra precautions and set up PaX&co and MAC |
6 |
> > on a workstation with Xorg and other nice KDE apps (only some of which |
7 |
> > should be granted access to files in folder X). I would like to read |
8 |
> > others opinion, if I can get considerable security improvements or I will |
9 |
> > have to make that much of exceptions to those good rules, as it makes |
10 |
> > protection too useless? |
11 |
> |
12 |
> Not sure about MAC, but GrSec + PaX + hardened toolchain is nice to have. |
13 |
> Unlike MAC, it's ease to setup, and there only few applications require |
14 |
> some weakening of security (using paxctl). |
15 |
> I use hardened workstation configured this way for years. |
16 |
|
17 |
Could you post a list of apps, that need PaX lifted? |
18 |
|
19 |
Also there is another question: has anyone made some benchmarks to see how |
20 |
much raw computing power (CPU+RAM access, which happen during some purely |
21 |
computational task) decreases? |