From: Kacper Kowalik
Date: Tue, 25 Oct 2011 16:18:48 +0200
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Moving more hardening features to default?
Message-ID: <4EA6C548.3070206@gentoo.org>
In-Reply-To: <4E9FE012.5080703@gentoo.org>

On 20.10.2011 10:47, "Paweł Hajdan, Jr." wrote:
> I've noticed
> , i.e.
> Debian is starting to make more and more hardening features default, at
> least for most packages.
>
> Should we start doing that too? What are possible problems with that? It
> seems like it's mostly about USE=hardened, right?

Hi,
just a bunch of quick questions from a hardened newbie:
1) Is there a reason to do it besides "Debian is going to do it"?
2) What's wrong with the current approach, i.e. having a separate hardened
profile?
3) What are the benefits for an average desktop user or high-performance
cluster? While answering that, please skip obvious things like having a
"more secure box".

Cheers,
Kacper