grsecurity light patch required (for workstations)

Discuss and suggest new grsecurity features

Post by amax » Tue Apr 05, 2005 11:13 pm

Hello, spender. I have an idea...

What about creating a new light grsecurity patch?

No PaX, just network protection + chroot + proc?

No other things. It may be much easier to integrate this patch into workstations only, where internet security and socket randomization may be very important.

What do you think?

I really need grsecurity-light.

Thanks.
amax
 
Posts: 10
Joined: Wed Jul 14, 2004 5:53 am

Post by amax » Tue Apr 05, 2005 11:15 pm

or/and a very light patch with only socket randomization ;) etc.
amax
 
Posts: 10
Joined: Wed Jul 14, 2004 5:53 am

Post by Hal9000 » Wed Apr 06, 2005 4:55 am

what about just enabling the stuff you want in the kernel configuration?
Hal9000
 
Posts: 78
Joined: Wed Jun 16, 2004 2:40 am

Post by amax » Thu Apr 07, 2005 10:52 pm

Hal9000 wrote: what about just enabling the stuff you want in the kernel configuration?

It is too hard to apply a big patch to a non-vanilla kernel; many rejects.
But really it is not needed at all. Only network randomization is required.
amax
 
Posts: 10
Joined: Wed Jul 14, 2004 5:53 am

Post by Abaddon » Sun Apr 10, 2005 8:11 am

Rand & proc :>
Abaddon
 
Posts: 4
Joined: Wed Mar 09, 2005 5:16 pm

Post by sjweiler » Fri May 20, 2005 12:34 pm

I have a Gentoo Linux workstation hardened with all PaX features except one to restrict TPE for non-root users and all grsecurity features enabled. I can use java, xmms, mplayer, cedega, etc.
It works flawlessly; not sure a lite patch is needed.
sjweiler
 
Posts: 1
Joined: Fri May 20, 2005 12:29 pm

Post by Abaddon » Wed Jun 01, 2005 4:53 am

It slows down your computer (remember, some people have older computers than yours).

btw. All the grsec options enabled on desktop?! It stinks...
Abaddon
 
Posts: 4
Joined: Wed Mar 09, 2005 5:16 pm

Post by PaX Team » Thu Jun 02, 2005 1:59 pm

Abaddon wrote: It slows down your computer (remember, some people have older computers than yours).

btw. All the grsec options enabled on desktop?! It stinks...

what slows it down and how much? have you got any numbers? and if you think grsec is bad for the desktop, imagine what fedora users might feel with selinux ;-).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Post by tuxq » Mon Jun 06, 2005 11:46 am

PaX Team wrote:
Abaddon wrote: It slows down your computer (remember, some people have older computers than yours).

btw. All the grsec options enabled on desktop?! It stinks...
what slows it down and how much? have you got any numbers? and if you think grsec is bad for the desktop, imagine what fedora users might feel with selinux ;-).

*shiver* ... I had to deal with a Fedora install and SELinux not too long ago.
tuxq
 
Posts: 34
Joined: Sun Mar 06, 2005 5:59 am

Post by fredrik » Fri Jul 01, 2005 11:14 am

... There are fixes in PaX
that make sense for the standard kernel. But because not _all_ of PaX
makes sense for the standard kernel, and because I will _not_ take their
patch whole-sale, they apparently believe (incorrectly) that I wouldn't
even take the non-intrusive fixes, and haven't really even tried to feed
them back.

(Yes, Brad Spengler has talked to me about PaX, but never sent me
individual patches, for example. People seem to expect me to take all or
nothing - and there's a _lot_ of pretty extreme people out there that
expect everybody else to be as extreme as they are..)

Linus


more at http://kerneltrap.org/node/4590
fredrik
 
Posts: 1
Joined: Fri Jul 01, 2005 11:10 am

