From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
by finch.gentoo.org with esmtp (Exim 4.60)
(envelope-from <gentoo-hardened+bounces-2412-garchives=archives.gentoo.org@lists.gentoo.org>)
id 1LQRKy-0001KY-ES
for garchives@archives.gentoo.org; Fri, 23 Jan 2009 19:05:04 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id D779FE0743;
Fri, 23 Jan 2009 19:05:01 +0000 (UTC)
Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.187])
by pigeon.gentoo.org (Postfix) with ESMTP id 92099E0743
for <gentoo-hardened@lists.gentoo.org>; Fri, 23 Jan 2009 19:05:01 +0000 (UTC)
Received: by mu-out-0910.google.com with SMTP id i2so3274768mue.6
for <gentoo-hardened@lists.gentoo.org>; Fri, 23 Jan 2009 11:05:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:in-reply-to:references
:date:message-id:subject:from:to:content-type
:content-transfer-encoding;
bh=3Sn3zinf/7nC4jssC1iAYxmWamFxe1tEN7wQPQpcYwk=;
b=T8Bpgt5yUs80qSTy/EinKjILUI0mewHyhC1zU+RFKHt0dk17O+ZDGBPpGZ5a2iYlZD
Hffc6WuLKH3Ll7i0xZFwbLRTYKtGNhxm60aX6mmVk9cR3sCCrlEVl1Qs99iUORFQoWq+
DLOqeC0/1WFIkAW9ME/gvxdFKvrpFxjLls9z4=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type:content-transfer-encoding;
b=n+z+rCzlUfUMJ9sSR25SQ+k2CoxyaW8zyfnyRsNvKo/sCQUodX41kOtE7uIJZUygZk
lKpau2bCwvQVOvgaDC0R2mSoUlHrf016w43nzreF42QADlmenavg5FqIn4tlGLk/16FU
pi0Ds1fIXb+kd+aAEpDkMgZlLkwQ1vpNb0sQ4=
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.181.21.2 with SMTP id y2mr1923522bki.144.1232737500690; Fri,
23 Jan 2009 11:05:00 -0800 (PST)
In-Reply-To: <200901231038.31451.gengor@gentoo.org>
References: <49bf44f10901222037x6efccacbqd428e5e7be0899f6@mail.gmail.com>
<1232733787.25551.6.camel@hangover>
<49bf44f10901231014g31b7da8fk70a86dc0a5a7ebdf@mail.gmail.com>
<200901231038.31451.gengor@gentoo.org>
Date: Fri, 23 Jan 2009 11:05:00 -0800
Message-ID: <49bf44f10901231105n1e054c7frc5d8e39cf43a814c@mail.gmail.com>
Subject: Re: [gentoo-hardened] Grsecurity slows down a web server?
From: Grant <emailgrant@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: f5c64c57-b0a9-4320-8b59-f6f1515f26e3
X-Archives-Hash: d3c363ba69205016074388058fb47875
> Try 'pspax'. If there is no NX bit and you enable both PAGEEXEC and SEGMEXEC
> it should not be using PAGEEXEC.
What should I be looking for from pspax? I have to admit it does seem
faster now that I've disabled PAGEEXEC.
- Grant
> http://www.bumpin.org/pics/PaX/pax_performance-2.6.24.png
>
> Gordon Malm (gengor)
>
> On Friday, January 23, 2009 10:14:11 Grant wrote:
>> > [snip]
>> >
>> >> menuconfig isn't letting me disable PAGEEXEC. Maybe it's tied to
>> >> grsecurity "Gentoo (server)"? I don't want to disable that. Maybe I
>> >> should live with the slowdown?
>> >
>> > No you should not.
>> >
>> > After selecting server and saving it. You want to then select "Custom"
>> > that will leave all the options enabled from "server". You then scroll
>> > over to the PaX menu and de-select PAGE and select SEGM.
>> >
>> > Easy as pie. Good luck.
>>
>> Alright, thank you. PAGEEXEC and SEGMEXEC are both selected via
>> Gentoo (server) so I disabled PAGEEXEC. Should I submit a bug too?
>>
>> - Grant