From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 16044 invoked from network); 20 May 2004 00:02:27 +0000 Received: from smtp.gentoo.org (156.56.111.197) by parrot.ussg.indiana.edu with SMTP; 20 May 2004 00:02:27 +0000 Received: from parrot.ussg.indiana.edu ([156.56.111.196] helo=parrot.gentoo.org) by smtp.gentoo.org with esmtp (Exim 4.34) id 1BQb0z-0003t6-Gi for arch-gentoo-dev@lists.gentoo.org; Thu, 20 May 2004 00:02:25 +0000 Received: (qmail 19961 invoked by uid 89); 20 May 2004 00:02:24 +0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 119 invoked from network); 20 May 2004 00:02:24 +0000 X-T2-Posting-ID: +Fzxb8ijMtpvZ+oCWeFeV97fN06SrlYKWbc7nsfdk0I= Date: Thu, 20 May 2004 02:02:24 +0200 From: Tom Payne To: gentoo-dev@lists.gentoo.org Message-ID: <20040520000224.GA17215@tompayne.org> Mail-Followup-To: gentoo-dev@lists.gentoo.org References: <200405180034.30388.stuart@gentoo.org> <200405191906.17673.stuart@gentoo.org> <40ABAA3D.9020704@gentoo.org> <200405192052.05681.stuart@gentoo.org> <20040519232308.GD14148@tompayne.org> <1085010552.8264.18.camel@gorn.pebenito.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1085010552.8264.18.camel@gorn.pebenito.net> User-Agent: Mutt/1.5.6i Subject: Re: [gentoo-dev] Hardened PHP now in Gentoo X-Archives-Salt: 0d57353c-3ba8-40ed-8a9b-d924aab8ef6a X-Archives-Hash: 84cae747d389dace80f2ff6f85f83cef On Wed, May 19, 2004 at 06:49:12PM -0500, Chris PeBenito wrote: > On Wed, 2004-05-19 at 18:23, Tom Payne wrote: > > hardened Gentoo meaning stack overflow protection, toolchain mods, etc. etc. > > is different to harder-to-exploit PHP. Hardened PHP (AIUI) is more like Safe > > mode in Ruby (and other scripting languages). The two are different things > > and should not be confused. > > No, it means the same thing. From the hardened php site: Ooops, my bad. Thanks for the clarification. I guess I'm trying to work out "if I want hardened gentoo, do I always want hardened php?" and vice versa, as would be implied by the two having the same USE flag. To me, hardening the system vs. hardening a web scripting language are two separate things (i.e. you could want one without the other) but I haven't yet come up with a convincing argument for this :-) -- Tom -- gentoo-dev@gentoo.org mailing list