From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2400-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1LQMjl-0002zL-PA
	for garchives@archives.gentoo.org; Fri, 23 Jan 2009 14:10:22 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 26825E093D;
	Fri, 23 Jan 2009 14:10:19 +0000 (UTC)
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.152])
	by pigeon.gentoo.org (Postfix) with ESMTP id D95D9E093D
	for <gentoo-hardened@lists.gentoo.org>; Fri, 23 Jan 2009 14:10:18 +0000 (UTC)
Received: by fg-out-1718.google.com with SMTP id e21so2601145fga.14
        for <gentoo-hardened@lists.gentoo.org>; Fri, 23 Jan 2009 06:10:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        bh=681eUsRx2nArntXlyO0rP+8zLj9Iv/pf68MUUgu5zTg=;
        b=A4XJ55YT24QV9/df7jihPFFkEYpRcMS2pQejJLJrgRdQcgisNAcCvo9s5xGdtF/qn3
         sID3XijPTAhs3OlUgx40dUspIzekxD9nf0nggHvlinfVBUbEEa66bzP/uh9QWGdOisFm
         cpG83jqg434Hz547Inrvy+nTAcufO6ld7HfVo=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=r4PjgjRxeZjlsMMdfUfzysLgrIN5NerkMiwcKTs+F9mAlfW4t2m/gehLN976N+0U14
         10eDipQyIWArG47eVUGVcJYLcNTXeOSzB9i+Ex9gqVSj7Qv78mFS8ZGgUfjfHq476GXz
         963G8wVSOn6llhWv+6S2+D4PnYlK9XdF4sC84=
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.180.246.2 with SMTP id t2mr309976bkh.161.1232719818219; Fri, 
	23 Jan 2009 06:10:18 -0800 (PST)
In-Reply-To: <497985F1.25065.4B5BFE@pageexec.freemail.hu>
References: <49bf44f10901222037x6efccacbqd428e5e7be0899f6@mail.gmail.com>
	 <497985F1.25065.4B5BFE@pageexec.freemail.hu>
Date: Fri, 23 Jan 2009 06:10:18 -0800
Message-ID: <49bf44f10901230610y54cf1a67q76fddf7ee5dc19de@mail.gmail.com>
Subject: Re: [gentoo-hardened] Grsecurity slows down a web server?
From: Grant <emailgrant@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: fab8dfc7-05c0-4242-a389-fba1ef9e6afd
X-Archives-Hash: 07a3faa41f90cccadffdbbb08595d24c

>> My website seems a bit slower since I enabled grsecurity on that
>> system.  Is that typical?  Is it most likely due to MPROTECT, or
>> something else?
>
> can you quantify this slowdown? and what grsec/pax features did you enable?

I enabled the grsecurity "Gentoo (server)" profile in the hardened
kernel.  I haven't quantified it, it just seems slightly slower.  It's
definitely not a big change.  I'm not really expecting to fix it, I
just thought I'd ask if that was typical.

- Grant