leonchik1976 Guru
Joined: 24 Jan 2010 Posts: 325
Posted: Sat Dec 30, 2017 3:55 pm Post subject: Question about hardened profiles

Does it make sense to use any of the hardened profiles if hardened-sources is masked?

fedeliallalinea Administrator
Joined: 08 Mar 2003 Posts: 30915 Location: here
Spargeltarzan Guru
Joined: 23 Jul 2017 Posts: 317
Posted: Sat Dec 30, 2017 6:56 pm Post subject:

I opened a similar support request on hardened profiles. If someone knows what the current state of hardened is and how it will develop in the future (for the question of whether a migration to a hardened profile makes sense, because PIE is already in the normal profile, maybe everything will be moved), I would be very grateful.
_________________
Regards
Spargeltarzan
Notebook: Lenovo YOGA 900-13ISK: Gentoo stable amd64, GNOME systemd, KVM/QEMU
Desktop-PC: Intel Core i7-4770K, 8GB Ram, AMD Radeon R9 280X, ZFS Storage, GNOME openrc, Dantrell, Xen

depontius Advocate
Joined: 05 May 2004 Posts: 3509
Posted: Sat Dec 30, 2017 11:36 pm Post subject:

Isn't PaX part of the GRSecurity patch set? In that case, is it gone along with GRSecurity?
Doesn't profile 17.0 add at least PIE? I'm not sure about SSP, but I thought there'd been some other updates upstream that take care of some of that.
Even on my regular desktops I've been picking up Kees Cook's hardening tips for the mainline kernel.
_________________
.sigs waste space and bandwidth

The Doctor Moderator
Joined: 27 Jul 2010 Posts: 2678
Posted: Sun Dec 31, 2017 3:10 am Post subject:

depontius wrote:
> Isn't PaX part of the GRSecurity patch set? In that case, is it gone along with GRSecurity?

Yes, unfortunately.
_________________
First things first, but not necessarily in that order.
Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.

toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
Posted: Sun Dec 31, 2017 10:48 am Post subject:

Spargeltarzan wrote:
> I opened a similar support request on hardened profiles. If someone knows what the current state of hardened is and how it will develop in the future (for the question of whether a migration to a hardened profile makes sense, because PIE is already in the normal profile, maybe everything will be moved), I would be very grateful.

hardened still has a few more GCC compiler flags on by default, as I learned in the last few days the hard way, e.g.: -fstack-check=yes