From: Toralf Förster
To: gentoo-project@lists.gentoo.org
Subject: Re: [gentoo-project] The status of grsecurity upstream and hardened-sources downstream
Date: Fri, 23 Jun 2017 19:49:11 +0200
Message-ID: <831a1b68-1083-ba04-faff-77267b7b06a1@gentoo.org>

On 06/23/2017 06:28 PM, Anthony G. Basile wrote:
> I don't recommend we remove any of the machinery from Gentoo that deals with PaX
> markings.

I'm still using the hardened profile both at my desktop and my server - now together with the latest stable vanilla-kernel by directly following the stable kernel git (echo "sys-kernel/vanilla-sources-4.10.13" >> /etc/portage/profile/package.provided).

I realized (at the tinderbox images as well) that PAX-marking error messages do occur when I didn't add '-paxkernel' to my USE flags.

I do wonder if the PAX marking logic could detect a running non-hardened kernel and therefore silently skip the step?

-- 
Toralf
PGP 23217DA7 9B888F45