On 12/31/11 08:43, "Tóth Attila" wrote:
> Isn't it miserable to see, that as time is passing by, more and more
> important softwares (java, python, libreoffice, firefox) conflict
> with more and more PAX restrictions? I would expect exactly the
> opposite. But it seems, that developers become less and less aware
> (or care less) about security.
>
> Nowadays I would rather run libreoffice and firefox in a jail. But I
> have no time to set up an environment and grsec policy for it.

Heh...better yet; using VMs - with optional hardware assistance.

Joanna Rutkowska of <http://theinvisiblethings.blogspot.com/>, who is well-known as an effective white-hat cracker, is developing a "secure" OS she calls Qubes <http://qubes-os.org/Home.html>. She's presently using Fedora as the Linux source distribution, but there's been a lot of enthusiastic discussion among some of the beta testers about changing to Gentoo <https://groups.google.com/group/qubes-devel/browse_thread/thread/588399cdd43da28c#> and some of these guys seem poised to go for it. Should the switch occur, one would painlessly have hardened Gentoo VMs, managed by a Xen bare-metal hypervisor.

In the case of Firefox 9.0 (actually, now Firefox 9.0.1), one could safely continue with Firefox 8.0 in temporary ("disposable") VMs 'til the Gentoo developers (who are volunteers, generously donating personal time) get a chance to address the issue.