From: Mike Frysinger
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Moving more hardening features to default?
Date: Thu, 20 Oct 2011 13:17:33 -0400
Message-Id: <201110201317.33900.vapier@gentoo.org>

On Thursday 20 October 2011 12:47:27 Rich Freeman wrote:
> I was trying to draw a contrast between passive things like
> stack-protection and things that really get in your face like MAC.

the trouble was in the context quoting then ... it sounded like you were
proposing PaX by default

i am a fan of things that "just work" though which is why i was happy to merge
the fortify source code. most of that checking is done at compile time, so
the runtime overhead is generally small. and in terms of packages that did
break, it was (more often than not) because they were broken already but we
never noticed.
-mike