From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LQRXl-0002iS-HW for garchives@archives.gentoo.org; Fri, 23 Jan 2009 19:18:17 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 774AEE06D6; Fri, 23 Jan 2009 19:18:13 +0000 (UTC) Received: from mail-ew0-f21.google.com (mail-ew0-f21.google.com [209.85.219.21]) by pigeon.gentoo.org (Postfix) with ESMTP id 2143CE06D6 for ; Fri, 23 Jan 2009 19:18:13 +0000 (UTC) Received: by ewy14 with SMTP id 14so4589995ewy.10 for ; Fri, 23 Jan 2009 11:18:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=EhDcIgkVtOC5PjMAFRPz83pCIkG0tzJaOj56sPSLdps=; b=mc2F5WbiPgHtbwpU/eG+tDdlhe8WaVJMLEnUGv+VzidwIXn2kWXaHiK43WD/pPNkcp 3RzTKow9SJc9CmOpEH1T78N24EdBUdzWWCswulyRwMR7gEm+Av23/244yRpwAbTgfVkv K4ZDEk4jUzXISSjR/yi3oINctrZivRobenbqY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=fvC4W7v/T2IRNuLA9aOrI+9ZmEItml4YA74txLjt7E/e6nUMtPE1Gn/LyMXneO4Pjn c5f3mIfSctc+SiPop7qlD63v28fRKdKCdYblPW4Fe8m8QI320PaCsjVnv2hpU5Kd9ycC jfHoyFuF2znE0WWI1Ns1zv2nsKhQhYM8BFTdY= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Received: by 10.103.247.14 with SMTP id z14mr1602186mur.70.1232738291718; Fri, 23 Jan 2009 11:18:11 -0800 (PST) In-Reply-To: <49bf44f10901231105n1e054c7frc5d8e39cf43a814c@mail.gmail.com> References: <49bf44f10901222037x6efccacbqd428e5e7be0899f6@mail.gmail.com> <1232733787.25551.6.camel@hangover> <49bf44f10901231014g31b7da8fk70a86dc0a5a7ebdf@mail.gmail.com> <200901231038.31451.gengor@gentoo.org> <49bf44f10901231105n1e054c7frc5d8e39cf43a814c@mail.gmail.com> Date: Fri, 23 Jan 2009 20:18:11 +0100 Message-ID: <897813410901231118v41fbd116u5f605c64e0007f56@mail.gmail.com> Subject: Re: [gentoo-hardened] Grsecurity slows down a web server? From: =?ISO-8859-1?Q?Javier_J=2E_Mart=EDnez_Cabez=F3n?= To: gentoo-hardened@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: 1eff3ff4-2611-4b0b-a19e-6c74bd7c9d91 X-Archives-Hash: 89c9a43543fb833eb0a5ab0d7b1b5f68 PaX ignores nx bit in ia32. 2009/1/23 Grant : >> Try 'pspax'. If there is no NX bit and you enable both PAGEEXEC and SEGMEXEC >> it should not be using PAGEEXEC. > > What should I be looking for from pspax? I have to admit it does seem > faster now that I've disabled PAGEEXEC. > > - Grant > > >> http://www.bumpin.org/pics/PaX/pax_performance-2.6.24.png >> >> Gordon Malm (gengor) >> >> On Friday, January 23, 2009 10:14:11 Grant wrote: >>> > [snip] >>> > >>> >> menuconfig isn't letting me disable PAGEEXEC. Maybe it's tied to >>> >> grsecurity "Gentoo (server)"? I don't want to disable that. Maybe I >>> >> should live with the slowdown? >>> > >>> > No you should not. >>> > >>> > After selecting server and saving it. You want to then select "Custom" >>> > that will leave all the options enabled from "server". You then scroll >>> > over to the PaX menu and de-select PAGE and select SEGM. >>> > >>> > Easy as pie. Good luck. >>> >>> Alright, thank you. PAGEEXEC and SEGMEXEC are both selected via >>> Gentoo (server) so I disabled PAGEEXEC. Should I submit a bug too? >>> >>> - Grant > >