unK l33t
Joined: 06 Feb 2007 Posts: 769
Posted: Sun Nov 03, 2013 1:58 pm
Post subject: Hardened Gentoo /w grsec and ati-drivers - is it worth it?
Hi,
I wanted to try the hardened profile, so I've built a minimal hardened system next to my current one to try it out, and I'm not sure if it's worth the hassle.
Reasons:
1) With ati-drivers, one needs to disable MPROTECT on anything that uses libGL, which includes kwin, mplayer (with gl video output) and, most importantly, firefox (yes, it doesn't start even with no JIT support).
2) I also need Skype. It works on hardened (even though it's masked), but again, MPROTECT needs to be disabled for the binary.
So in the end two applications, which run basically all the time (firefox and skype), connect with the outside world and thus are the most likely to be prone to possible exploits, need MPROTECT disabled.
I know that grsec is not only about MPROTECT, but it seems by disabling it you lose a lot and I'm not sure whether what remains is worth using hardened.
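For anyone weighing the same trade-off, an added example (not part of the original post) that lists which tasks run without MPROTECT and which PaX features they still keep. It assumes the `PaX:` line that PaX kernels add to `/proc/<pid>/status`, with letters in the order P E M R S; the sample status excerpts and PIDs are constructed.

```python
import os
import re

# Letters of the "PaX:" line in /proc/<pid>/status, in the order assumed here.
# Upper case = enforced for the task, lower case = disabled.
FEATURES = {"P": "PAGEEXEC", "E": "EMUTRAMP", "M": "MPROTECT",
            "R": "RANDMMAP", "S": "SEGMEXEC"}

# Constructed status excerpts (not captured from a real system).
SAMPLES = {
    "101": "Name:\tfirefox\nState:\tS (sleeping)\nPaX:\tPemRs\n",
    "102": "Name:\tskype\nState:\tS (sleeping)\nPaX:\tPemRs\n",
    "103": "Name:\tsshd\nState:\tS (sleeping)\nPaX:\tPeMRs\n",
}

def parse_status(text):
    """Return (name, {feature: enabled}); flags is None without a PaX line."""
    name = re.search(r"^Name:[ \t]*(.+)$", text, re.M)
    pax = re.search(r"^PaX:[ \t]*([PpEeMmRrSs]+)[ \t]*$", text, re.M)
    flags = {FEATURES[c.upper()]: c.isupper() for c in pax.group(1)} if pax else None
    return (name.group(1).strip() if name else "?"), flags

def read_proc(proc_root="/proc"):
    """Collect {pid: status text}; tasks that exit mid-scan are skipped."""
    out = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "status")) as fh:
                out[pid] = fh.read()
        except OSError:
            continue
    return out

def no_mprotect(statuses):
    """Tasks running without MPROTECT, with the PaX features they keep."""
    found = []
    for pid in sorted(statuses, key=int):
        name, flags = parse_status(statuses[pid])
        if flags and not flags.get("MPROTECT", True):
            kept = sorted(f for f, on in flags.items() if on)
            found.append((pid, name, kept))
    return found

if __name__ == "__main__":
    live = read_proc()
    # Fall back to the constructed samples on a kernel without PaX.
    data = live if any("PaX:" in t for t in live.values()) else SAMPLES
    for pid, name, kept in no_mprotect(data):
        print(f"{pid:>6} {name:<16} MPROTECT off, still on: {', '.join(kept) or 'none'}")
```

Run on the hardened install, the output is the exact set of long-running, network-facing processes that have lost MPROTECT, which is the list the question above is really about.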