Date: Thu, 22 Jan 2009 21:12:05 -0700
Message-ID: <4255c2570901222012w5b79c3a1pc8f214e19b0fe012@mail.gmail.com>
Subject: Re: [gentoo-hardened] 'paxctl -m bin' everything that complains?
From: RB <aoz.syn@gmail.com>
To: gentoo-hardened@lists.gentoo.org

On Thu, Jan 22, 2009 at 20:07, Grant <emailgrant@gmail.com> wrote:
> It turns out I need to issue 'paxctl -m
> /usr/lib64/mozilla-firefox/firefox' to prevent firefox from crashing
> when watching a cnn.com video.  Is that a huge security issue?

That's up to you.  In running X and firefox, you've probably made
enough compromises that one more isn't going to make that much more of
a difference.  That said, execution protections (like MPROTECT) are
probably some of the more critical ones you're going to have, due to
the way most malware works, and turning them off on a browser is
probably unwise.

Security is always a balance of control & usability; choose yours and
live with it.
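
An added example, not part of the message above: a small audit helper that reports whether a binary has been exempted from MPROTECT with `paxctl -m`, so exemptions such as the firefox one stay visible and reviewable. It assumes the marking lives in the ELF `PT_PAX_FLAGS` program header (it does not read legacy `EI_PAX` or extended-attribute markings); `mprotect_state` and `sample_elf64` are hypothetical names, and the sample ELF is constructed.

```python
import struct
import sys

# Constants as defined in the PaX ELF headers / paxctl.
PT_PAX_FLAGS = 0x65041580   # PT_LOOS + 0x5041580, the program header paxctl edits
PF_MPROTECT = 1 << 8        # paxctl -M: MPROTECT explicitly enforced
PF_NOMPROTECT = 1 << 9      # paxctl -m: MPROTECT disabled for this binary

def mprotect_state(elf: bytes) -> str:
    """Classify an ELF image: 'disabled', 'enforced', 'default' or 'no PT_PAX_FLAGS'."""
    if len(elf) < 6 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    try:
        is64 = {1: False, 2: True}[elf[4]]      # EI_CLASS
        e = {1: "<", 2: ">"}[elf[5]]            # EI_DATA (byte order)
        if is64:
            (phoff,) = struct.unpack_from(e + "Q", elf, 0x20)
            phentsize, phnum = struct.unpack_from(e + "HH", elf, 0x36)
            flags_at = 4                        # p_flags follows p_type in ELF64
        else:
            (phoff,) = struct.unpack_from(e + "I", elf, 0x1C)
            phentsize, phnum = struct.unpack_from(e + "HH", elf, 0x2A)
            flags_at = 24                       # p_flags is the 7th word in ELF32
        for i in range(phnum):
            base = phoff + i * phentsize
            (p_type,) = struct.unpack_from(e + "I", elf, base)
            if p_type != PT_PAX_FLAGS:
                continue
            (flags,) = struct.unpack_from(e + "I", elf, base + flags_at)
            if flags & PF_NOMPROTECT:           # report the weaker setting first
                return "disabled"
            return "enforced" if flags & PF_MPROTECT else "default"
    except (KeyError, struct.error) as exc:
        raise ValueError("truncated or malformed ELF") from exc
    return "no PT_PAX_FLAGS"

def sample_elf64(pax_flags: int, phnum: int = 1) -> bytes:
    """Constructed input: ELF64 little-endian header plus one PT_PAX_FLAGS entry."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH",
                                 2, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    return header + struct.pack("<IIQQQQQQ", PT_PAX_FLAGS, pax_flags, 0, 0, 0, 0, 0, 0)

if __name__ == "__main__":
    # Usage: pass binary paths as arguments to list their MPROTECT state.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{path}: MPROTECT {mprotect_state(fh.read())}")
```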