From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RGsC1-00081N-6C for garchives@archives.gentoo.org; Thu, 20 Oct 2011 12:57:53 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2994721C11C; Thu, 20 Oct 2011 12:57:45 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 91C5321C11A for ; Thu, 20 Oct 2011 12:57:01 +0000 (UTC) Received: from vapier.localnet (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 092351B400C for ; Thu, 20 Oct 2011 12:57:01 +0000 (UTC) From: Mike Frysinger Organization: wh0rd.org To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Moving more hardening features to default? Date: Thu, 20 Oct 2011 08:57:00 -0400 User-Agent: KMail/1.13.7 (Linux/3.1.0-rc4; KDE/4.6.5; x86_64; ; ) References: <4E9FE012.5080703@gentoo.org> In-Reply-To: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart3020873.Av5jcZmys5"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201110200857.00687.vapier@gentoo.org> X-Archives-Salt: X-Archives-Hash: 1d4dd0594846a141978a7a896919d703 --nextPart3020873.Av5jcZmys5 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Thursday 20 October 2011 08:41:55 Rich Freeman wrote: > 2011/10/20 Tom=C3=A1=C5=A1 Chv=C3=A1tal: > > I would say that most hardened features should be merged to to main > > profile as soon as they won't cause major PITA for the regular users. >=20 > I agree - especially for stuff that doesn't require active setup > (stack protection, PaX, etc). except PaX requires kernel patches and is known to break things. not an=20 acceptable default. =2Dmike --nextPart3020873.Av5jcZmys5 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iQIcBAABAgAGBQJOoBqcAAoJEEFjO5/oN/WB+/kP/1X9pmD2JO7MGmpVHs8t3ZBO cXWupvzKIGbeoZXRL7/TW9Z4JysZEXDkaca6FT8puzJCXbw1M5WvrBVqfeY/Rs8e chmvZrxaxgYtFv8nlkEAyihLzsjo6DuQ7c5luWdoagSt89hPbQaEr7px2UY9WThx OgP8XDcPZKhNjb4kYWdmmRPkWvWISqxDxWDWPcUrE2YOJXz6/uXHChd5Ft7Se9VV ecnh5k8L+WNvq+r7lCGOm1l+GELqyob4H3/+zVPjC4n78hjT+bxVKFMzSvt2IM3h vyy2Kh6ylSjVB5yVZQ5JA3yLYOGDuslhVLguUCL+D6Wam2+HFuCaQSv91+QUKxFf sOolcD1cvrMdIWXTQhmBxWYmRkx+ck2ZnI8k3k9rs1eh5nSEPENzBU6L6GmAWAU6 CtZx/TPY+s3mmfLw1LHE8hakkb4XqREfp0t7L0lwK0v13yEaAiv4gfP50aJ2JycU h3JinEt90T11jjl+9cMMuk993NbnIFnYrwuCeZ3dZCREIRQAg0gERrjJdqqNzNxJ 6KpkT6lU/5zvWRWKByHTarTfMsX8W7cYqTFL9QLU3euOQxMwSQKPcnv1CoH7wl97 XaQRsFEzhldnkG6ubqTVCKBGjxq3nR0PzO0tLwaVBG+DFvQoarzADav3S32vmFoR exTlrpvainYCHsuJsVBj =W7Ny -----END PGP SIGNATURE----- --nextPart3020873.Av5jcZmys5--