| 1 |
El 27/06/12 04:38, Alecks Gates escribió: |
| 2 |
> On Tue, Jun 26, 2012 at 8:48 PM, Francisco Blas Izquierdo Riera |
| 3 |
> (klondike) <klondike@g.o> wrote: |
| 4 |
>> Hello, |
| 5 |
>> |
| 6 |
>> First sorry for taking this long to answer this, somehow this mail |
| 7 |
>> slipped through my radar and couldn't find it when somebody moved it to |
| 8 |
>> the gentoo-hardened list, add to that an... interesting live and we are set. |
| 9 |
>> |
| 10 |
>> And now let's get answers: |
| 11 |
>> |
| 12 |
>> First the Gentoo Hardened team DOES support the use of Gentoo Hardened |
| 13 |
>> on desktop and this has been so for a long time, there are many reasons |
| 14 |
>> for this amongst others the fact that currently desktops tend to be more |
| 15 |
>> vulnerable to attacks than servers. As a matter of fact I do tend to |
| 16 |
>> state that my laptop is running Gentoo Hardened whenever I have to give |
| 17 |
>> a talk on it and I can tell you I'm not the only user here, amongst |
| 18 |
>> other examples I recall an interesting remotely managed kiosk project by |
| 19 |
>> another user. |
| 20 |
>> |
| 21 |
>> Regarding the profiles the main reason why they don't exist is the non |
| 22 |
>> existence of a desktop feature that makes it easier for us to have it |
| 23 |
>> (as it happens for example with the selinux or multilib features). This |
| 24 |
>> said we tend to be very open to people wanting to join the community so |
| 25 |
>> if you want to create them feel free to come to the meeting we are |
| 26 |
>> holding on 2012-06-27 20:00 at #GentooHardened and say so when we touch |
| 27 |
>> the profiles topic, be warned though that profiles tend to be very |
| 28 |
>> complex and fragile so are a thing not to be taken easily. |
| 29 |
>> |
| 30 |
> Which timezone is this in? I don't normally pay attention to this |
| 31 |
> type of thing, but this would be very interesting to watch. |
| 32 |
UTC So if your mail headers don't lie that should be 15:00 in your local |
| 33 |
timezone. |
| 34 |
>> Regarding skype, in theory you can use it but you need to paxmark it |
| 35 |
>> with legacy USE flags and well it is quite awkward, another option is |
| 36 |
>> using the new xattr based marks but I think this is still in |
| 37 |
>> development. You will also need to disable TPE. |
| 38 |
>> |
| 39 |
> What about the new version of Skype, 4.0.0.7, is it? Seeing as |
| 40 |
> Microsoft isn't leaving Skype on Linux dead, who knows, they might be |
| 41 |
> willing to work with the community on something. |
| 42 |
If they still have the ugly ELF self checking procedure it depends it |
| 43 |
should work always with ourxattr based paxmarks and maybe TPE disabled |
| 44 |
(depending on its new requisites) but for the traditional paxmarks which |
| 45 |
modify the ELF file this may not be the case specially since the older |
| 46 |
paxmarking method is no longer allowed by newer glibc versions. |
| 47 |
>> Regarding things like totem check also dmesg, at times you need to |
| 48 |
>> disable TPE to get orc code to work properly. Anyway I have no problems |
| 49 |
>> like that with kaffeine. |
| 50 |
>> |
| 51 |
>> Finally regarding Gwibber and Hotot make sure you don't have the jit USE |
| 52 |
>> flag set, jit code and hardened match just as well as a bobcat and a |
| 53 |
>> pitbull in a small closed box with a lit firecracker to startle them. |
| 54 |
>> Worst case try choqok it works well for me. |
| 55 |
>> |
| 56 |
>> That covers all on this thread, I hope this e-mail is useful and as |
| 57 |
>> always feel free to come back with any questions you have. |
| 58 |
>> klondike |
| 59 |
>> |
| 60 |
> This was nice to read, and I am (personally) feeling more inclined to |
| 61 |
> use Gentoo Hardened for the desktop now. |
| 62 |
I'm glad to hear it, I have to recognize the Gentoo Hardened Comunity |
| 63 |
has changed a lot in the last years (to the point that currently the |
| 64 |
only old school member of the team who is actively contributing is |
| 65 |
Swift) which in turn changed a lot the project. |
Archives