From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2421-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1LQnYA-0006e5-75
	for garchives@archives.gentoo.org; Sat, 24 Jan 2009 18:48:10 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id C21F0E02DA;
	Sat, 24 Jan 2009 18:48:08 +0000 (UTC)
Received: from mail-fx0-f20.google.com (mail-fx0-f20.google.com [209.85.220.20])
	by pigeon.gentoo.org (Postfix) with ESMTP id 7828DE02DA
	for <gentoo-hardened@lists.gentoo.org>; Sat, 24 Jan 2009 18:48:08 +0000 (UTC)
Received: by fxm13 with SMTP id 13so1280625fxm.10
        for <gentoo-hardened@lists.gentoo.org>; Sat, 24 Jan 2009 10:48:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        bh=HoVOWPF9ynluDvenN0U9hIe1TBwVtiIepo6VRB5lAqA=;
        b=B5tIvDdChNs5lXKMionR+cMPho9dDjQ2toklNox3xA42BEk1t4Oz7gMzGHtaChTJjO
         Lkq0Vwmg3drruMpeEdJc6n7b9ZXR1JKYL9SaWg8PHGiqgjjA4qdnG5OOz7mP1lKnh2dh
         uXYgsE8XSEI5NZ8enm/YZxyneRtAuM3yXf7Ck=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=JqZ9Z97M4m9HanI6exd+JkcLuI4hTClNI5bOLSECLjudXbyu2xqhIGj7tha2x4cWQs
         iqu99LHfvye0sxGqE8q/8EEX6rxM/iepmPi78jLZe6zDUUQ/NLJO33LTlK7yeSD0f42g
         LrNIvX1QllbjfXIetpNyYhSKW95j6eHLeHcM8=
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.180.214.15 with SMTP id m15mr947825bkg.78.1232822887733; Sat, 
	24 Jan 2009 10:48:07 -0800 (PST)
In-Reply-To: <497B52A6.20890.4DC7BE@pageexec.freemail.hu>
References: <49bf44f10901222037x6efccacbqd428e5e7be0899f6@mail.gmail.com>
	 <497B459F.21727.1AE408@pageexec.freemail.hu>
	 <49bf44f10901240851v2f71f26bmc704e95fd0140ad3@mail.gmail.com>
	 <497B52A6.20890.4DC7BE@pageexec.freemail.hu>
Date: Sat, 24 Jan 2009 10:48:07 -0800
Message-ID: <49bf44f10901241048r193503caj29e285e3576e5867@mail.gmail.com>
Subject: Re: [gentoo-hardened] Grsecurity slows down a web server?
From: Grant <emailgrant@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 8f08621f-8cb3-4cc3-a8e9-dd69a2dfdbdb
X-Archives-Hash: bea7ca4658fb31ca22a6ef7803c7e2db

>> Nope, you guys are absolutely right.  It falls back to peMRS whether
>> or not I enable PAGEEXEC since I don't have the nx flag.
>
> ok, so coming back to your original problem, are you saying that you
> had an observable slowdown due to SEGMEXEC? if so, i'd like to see some
> numbers and think about it, if you have some time.

I thought there was a slowdown going from no grsecurity to grsecurity
"Gentoo (server)",  but now I'm not so sure.  I'll keep an eye on it
for sure.  Would you consider an external http monitor's response
times over 24 hours a good indicator of whether or not I should
investigate further and do real benchmarking?

- Grant