From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from <gentoo-hardened+bounces-2400-garchives=archives.gentoo.org@lists.gentoo.org>) id 1LQMjl-0002zL-PA for garchives@archives.gentoo.org; Fri, 23 Jan 2009 14:10:22 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 26825E093D; Fri, 23 Jan 2009 14:10:19 +0000 (UTC) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.152]) by pigeon.gentoo.org (Postfix) with ESMTP id D95D9E093D for <gentoo-hardened@lists.gentoo.org>; Fri, 23 Jan 2009 14:10:18 +0000 (UTC) Received: by fg-out-1718.google.com with SMTP id e21so2601145fga.14 for <gentoo-hardened@lists.gentoo.org>; Fri, 23 Jan 2009 06:10:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=681eUsRx2nArntXlyO0rP+8zLj9Iv/pf68MUUgu5zTg=; b=A4XJ55YT24QV9/df7jihPFFkEYpRcMS2pQejJLJrgRdQcgisNAcCvo9s5xGdtF/qn3 sID3XijPTAhs3OlUgx40dUspIzekxD9nf0nggHvlinfVBUbEEa66bzP/uh9QWGdOisFm cpG83jqg434Hz547Inrvy+nTAcufO6ld7HfVo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=r4PjgjRxeZjlsMMdfUfzysLgrIN5NerkMiwcKTs+F9mAlfW4t2m/gehLN976N+0U14 10eDipQyIWArG47eVUGVcJYLcNTXeOSzB9i+Ex9gqVSj7Qv78mFS8ZGgUfjfHq476GXz 963G8wVSOn6llhWv+6S2+D4PnYlK9XdF4sC84= Precedence: bulk List-Post: <mailto:gentoo-hardened@lists.gentoo.org> List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org> X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Received: by 10.180.246.2 with SMTP id t2mr309976bkh.161.1232719818219; Fri, 23 Jan 2009 06:10:18 -0800 (PST) In-Reply-To: <497985F1.25065.4B5BFE@pageexec.freemail.hu> References: <49bf44f10901222037x6efccacbqd428e5e7be0899f6@mail.gmail.com> <497985F1.25065.4B5BFE@pageexec.freemail.hu> Date: Fri, 23 Jan 2009 06:10:18 -0800 Message-ID: <49bf44f10901230610y54cf1a67q76fddf7ee5dc19de@mail.gmail.com> Subject: Re: [gentoo-hardened] Grsecurity slows down a web server? From: Grant <emailgrant@gmail.com> To: gentoo-hardened@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: fab8dfc7-05c0-4242-a389-fba1ef9e6afd X-Archives-Hash: 07a3faa41f90cccadffdbbb08595d24c >> My website seems a bit slower since I enabled grsecurity on that >> system. Is that typical? Is it most likely due to MPROTECT, or >> something else? > > can you quantify this slowdown? and what grsec/pax features did you enable? I enabled the grsecurity "Gentoo (server)" profile in the hardened kernel. I haven't quantified it, it just seems slightly slower. It's definitely not a big change. I'm not really expecting to fix it, I just thought I'd ask if that was typical. - Grant