| 1 |
On Thu, 1 Jul 2010 08:46:11 +0100 |
| 2 |
Radoslaw Madej <radegand@××.pl> wrote: |
| 3 |
|
| 4 |
> Hi guys, |
| 5 |
> |
| 6 |
> I convinced the company I work for to allow me to spend some time on |
| 7 |
> reviewing different security aspects of Linux OS and different distros. As it |
| 8 |
> also involves Gentoo Hardened (which I also happily use on a daily basis), I |
| 9 |
> thought I'd share. :) |
| 10 |
> |
| 11 |
> http://labs.mwrinfosecurity.com/projectdetail.php?project=13&view=news |
| 12 |
> |
| 13 |
> There should be more to come in a near future. Any feedback appreciated :) |
| 14 |
> |
| 15 |
> Thanks to all hardened-dev for making the Hardened Gentoo happen! :) |
| 16 |
> Regards, |
| 17 |
> Radek Madej |
| 18 |
> |
| 19 |
|
| 20 |
A very good paper my friend, I enjoyed reading it :) |
| 21 |
|
| 22 |
I think you go into enough detail to keep even the less interested people |
| 23 |
reading and I hope that you manage to propagate this article (Maybe we could |
| 24 |
put a reference to it in the hardened docs?) so that more people become aware. |
| 25 |
|
| 26 |
Sure, some people are probably going to start question your testing methods and |
| 27 |
such because, like you mention in the paper, assessing security enabled on |
| 28 |
binaries can give false positives and negatives depending on how the code looks |
| 29 |
like. |
| 30 |
|
| 31 |
-- |
| 32 |
Mvh |
| 33 |
Daniel Kuehn |
Archives