From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 13A341385E0 for ; Mon, 7 Sep 2015 17:11:49 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C917D142EE; Mon, 7 Sep 2015 17:10:25 +0000 (UTC) Received: from mail.web-xs.org (mail.web-xs.org [148.251.4.204]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DBC93142AA for ; Mon, 7 Sep 2015 17:10:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.web-xs.org (Postfix) with ESMTP id DFA696EC2A5E for ; Mon, 7 Sep 2015 19:10:22 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mail.web-xs.org Received: from mail.web-xs.org ([127.0.0.1]) by localhost (mail.web-xs.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n4vycqZIlQ9g for ; Mon, 7 Sep 2015 19:10:17 +0200 (CEST) Received: from server-1.localdomain (p54A70EBD.dip0.t-ipconnect.de [84.167.14.189]) (Authenticated sender: lukas@der-erste-sinn.de) by mail.web-xs.org (Postfix) with ESMTPA id 9EFD26EC1633 for ; Mon, 7 Sep 2015 19:10:17 +0200 (CEST) Received: from hal9000.localdomain (hal.localdomain [192.168.0.2]) by server-1.localdomain (Postfix) with ESMTP id 62C893F66A for ; Mon, 7 Sep 2015 19:10:17 +0200 (CEST) Date: Mon, 7 Sep 2015 19:07:14 +0200 From: To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Anyone running a hardened profile? Message-ID: <20150907190714.742ac6f9@hal9000.localdomain> In-Reply-To: <20150906131517.52e8d6a0@a6> References: <20150906131517.52e8d6a0@a6> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Archives-Salt: e130da19-c29e-4e50-bff7-56cd41a1c1f3 X-Archives-Hash: 119c2703985137541edcdd1ed6141b64 walt wrote: > https://wiki.gentoo.org/wiki/Hardened_Gentoo > > That wiki page is very seductive. It makes me want to drop everything > and select a hardened profile and re-emerge everything from scratch. > > But I have a feeling I'd soon be in big trouble if I did. Is this > something that only gentoo devs should be messing with, or is this > a project that a typical gentoo end-user might hope to accomplish > without frequent suicidal thoughts? I'm using hardened-profile and hardened sources for many years on a stable gentoo system. I don't have any binary packages installed. Everything works fine. No headache and no suicidal tendencies so far. There is a ML for gentoo-hardened (gentoo-hardened@lists.gentoo.org). I think it would be a good idea to ask the guys there, because some of them have a very deep knowledge of the underlaying technique. -- Regards wabe