On Fri, 16 Mar 2007 21:54:16 -0400 "Caleb Cushing" <[EMAIL PROTECTED]> wrote:
> are there any real advantages to using hardened sources if you aren't > applying any pax or grsecurity patches? given that you can get > selinux in regular gentoo sources. Hi, Current hardening scheme is broadly said in two places: 1.kernel patches - PaX, grsec2, rsbac(incl. PaX), selinux; 2.Building all userland apps "PIC&PIE" (SSP is already in gcc-4.1.X). PaX complements PIE very well, all the others are access-control tools. Very simplified explanation, here. HTH. Rumen -- gentoo-hardened@gentoo.org mailing list
