From: Javier Martínez
To: gentoo-hardened@lists.gentoo.org
Date: Fri, 5 Dec 2008 18:21:48 +0100
Message-ID: <897813410812050921k1985ae7ar7caf712993423bc3@mail.gmail.com>
Subject: Re: [gentoo-hardened] hardened workstation - is that worth it?
In-Reply-To: <493956E7.26292.956C347@pageexec.freemail.hu>

Are you telling me that I'm obsolete? OK, I agree with you... o:), but since I don't use Xorg on servers... no problem. You still have the other problems I mentioned.

One question: does anybody know what made Xorg incompatible with PaX MPROTECT restrictions in earlier versions? Here is a link that is newer than the one Brian Kroth posted and still has the incompatibilities in it: http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml. Maybe a mistake?

2008/12/5 :
> On 25 Nov 2008 at 21:36, Javier Martínez wrote:
>
>> In my opinion getting X-window running is bad in terms of security,
>> for these reasons:
>> - First: PaX should be disabled in mprotect terms since Xorg needs it
>> (with it, it refuses to run).
>
> - PaX flags: -------x-e-- [/usr/bin/Xorg]
>
> and it works for me... so why do you need to disable MPROTECT on your Xorg?