From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1L8enG-00062I-HP for garchives@archives.gentoo.org; Fri, 05 Dec 2008 17:48:46 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5112AE040B; Fri, 5 Dec 2008 17:48:45 +0000 (UTC) Received: from homeless.linbsd.net (homeless.linbsd.net [64.127.112.66]) by pigeon.gentoo.org (Postfix) with ESMTP id 331D5E040B for ; Fri, 5 Dec 2008 17:48:45 +0000 (UTC) Received: from [192.168.1.6] (dsl092-011-131.sfo1.dsl.speakeasy.net [66.92.11.131]) by homeless.linbsd.net (Postfix) with ESMTPA id B2F2658941 for ; Fri, 5 Dec 2008 09:48:44 -0800 (PST) Subject: Re: [gentoo-hardened] hardened workstation - is that worth it? From: Ned Ludd To: gentoo-hardened@lists.gentoo.org In-Reply-To: <493956E7.26292.956C347@pageexec.freemail.hu> References: <200811251700.45540.janklodvan@gmail.com> , <4255c2570811251158n28f3274ch34e87a1a3f1eacb6@mail.gmail.com> , <897813410811251236o33ba4f18ne8cf71c873c6db4d@mail.gmail.com> <493956E7.26292.956C347@pageexec.freemail.hu> Content-Type: text/plain; charset=ISO-8859-1 Date: Fri, 05 Dec 2008 09:48:43 -0800 Message-Id: <1228499324.6105.30.camel@localhost> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.22.3.1 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 81c9301a-cb7a-4ba9-a6fb-96d9eabb0ea8 X-Archives-Hash: 0cd918c4e66648e98ba2048de3570d18 On Fri, 2008-12-05 at 17:29 +0200, pageexec@freemail.hu wrote: > On 25 Nov 2008 at 21:36, Javier Mart=EDnez wrote: >=20 > > In my opinion getting X-window running is bad in security concerns, b= y > > this reasons: > > - First: PaX should be disable in mprotect terms since Xorg needs it > > (with it refuse to run) . >=20 > - PaX flags: -------x-e-- [/usr/bin/Xorg] >=20 > and it works for me... so why do you need to disable MPROTECT on your X= org? >=20 Could be that other ppl might start hitting that mesa bug..