| View previous topic :: View next topic |
| Author |
Message |
leonchik1976
Guru
Joined: 24 Jan 2010
Posts: 325
|
 Posted: Sat Dec 30, 2017 3:55 pm Post subject: Question about hardened profiles |
 |
|
| Is it make sense to use any of hardened profiles, if hardened-sources is masked? |
|
| Back to top |
|
 |
fedeliallalinea
Administrator
Joined: 08 Mar 2003
Posts: 30915
Location: here
|
|
| Back to top |
|
|
Spargeltarzan
Guru
Joined: 23 Jul 2017
Posts: 317
|
| Posted: Sat Dec 30, 2017 6:56 pm Post subject: |
|
|
I opened a similar support request on hardened profiles, if someone knows what is the current state of hardened and how it will develop in future (for the question if a migration to a hardened profile makes sense - because PIE already is in the normal profile, maybe everything will be moved) I would be very grateful
_________________
___________________
Regards
Spargeltarzan
Notebook: Lenovo YOGA 900-13ISK: Gentoo stable amd64, GNOME systemd, KVM/QEMU
Desktop-PC: Intel Core i7-4770K, 8GB Ram, AMD Radeon R9 280X, ZFS Storage, GNOME openrc, Dantrell, Xen |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3509
|
| Posted: Sat Dec 30, 2017 11:36 pm Post subject: |
|
|
Isn't PaX part of the GRSecurity patch set? In that case, is it gone along with GRSecurity?
Doesn't profile 17.0 at at least PIE? I'm not sure about SSP, but I thought there'd been some other updates upstream that take care of some of that.
Even on my regular desktops I've been picking up Kees Cook's hardening tips for the mainline kernel.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
The Doctor
Moderator
Joined: 27 Jul 2010
Posts: 2678
|
| Posted: Sun Dec 31, 2017 3:10 am Post subject: |
|
|
| depontius wrote: | | Isn't PaX part of the GRSecurity patch set? In that case, is it gone along with GRSecurity? |
Yes, unfortunately.
_________________
First things first, but not necessarily in that order.
Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box. |
|
| Back to top |
|
|
toralf
Developer
Joined: 01 Feb 2004
Posts: 3922
Location: Hamburg
|
| Posted: Sun Dec 31, 2017 10:48 am Post subject: |
|
|
| Spargeltarzan wrote: | | I opened a similar support request on hardened profiles, if someone knows what is the current state of hardened and how it will develop in future (for the question if a migration to a hardened profile makes sense - because PIE already is in the normal profile, maybe everything will be moved) I would be very grateful |
hardened has still few more GCC compiler flags on per default, as I learned in the last days at the hard way, eg.: -fstack-check=yes |
|
| Back to top |
|
|
|
Installing Gentoo
