* [gentoo-hardened] hardened profile/kernel on intel I7?
From: 7v5w7go9ub0o @ 2009-01-23 4:05 UTC
To: gentoo-hardened
I expect to assemble a small I7 in a week or so. My initial thought is
to use a 64 bit OS:
1. Does anyone have an I7 running a hardened profile/kernel? If so, any
tips, please.
2. Will the current gcc 3.4.6-r2 still function well, or should I forgo
propolice/ssp and go to 4.3.2-r2 'til the new hardened profile updates
the compiler?
3. I'd ....... guess ........ that I'd need a recent kernel e.g.
2.6.27-r4 for grsecurity!?
4. IIUC, some folks are working on a hardened 4.3.2(?) profile; is that
ready for prime time/ or ready for beta?
TIA
* Re: [gentoo-hardened] hardened profile/kernel on intel I7?
From: Gordon Malm @ 2009-01-30 23:23 UTC
To: gentoo-hardened
On Thursday, January 22, 2009 20:05:09 7v5w7go9ub0o wrote:
> I expect to assemble a small I7 in a week or so. My initial thought is
> to use a 64 bit OS:
>
> 1. Does anyone have an I7 running a hardened profile/kernel? If so, any
> tips, please.
>
Not me and haven't heard any reports. Maybe you'll be the first. :)
> 2. Will the current gcc 3.4.6-r2 still function well, or should I forgo
> propolice/ssp and go to 4.3.2-r2 'til the new hardened profile updates
> the compiler?
gcc-3.4.6-r2 should continue to work. You just won't be able to brag
omg-I'm-so-super-31337-optimized.
>
> 3. I'd ....... guess ........ that I'd need a recent kernel e.g.
> 2.6.27-r4 for grsecurity!?
Yeah, you'll probably want 2.6.27 at minimum, 2.6.28 more likely. Even then
you might not have support for everything (sensor chips, etc.). Enabling
hyperthreading will likely cause instability/crashes due to a conflict with
PaX. Feel free to report a bug if you're willing to take instructions, do
test-and-retest cycles to help to debug it. If that is the case, I'd suggest
leaving Hyperthreading disabled and ensuring your system's health initially
(memtest, emerges, etc.) so as not to cause confusion/interference.
>
> 4. IIUC, some folks are working on a hardened 4.3.2(?) profile; is that
> ready for prime time/ or ready for beta?
>
It's unmasked in hardened profiles and in a 'testing' stage. PIC/PIE seems to
work. It isn't marked stable, so no, it's not ready for distro-wide 'prime
time' but feel free to test it out (non-production preferably) if you are
comfortable fixing things if/when they break.
>
> TIA
Welcome, sorry for the delay and short responses.
Gordon Malm (gengor)