From: Florian Philipp
Date: Sun, 23 Aug 2009 20:04:14 +0200
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Opinions on -fstack-protector
Message-ID: <4A91849E.2040406@f_philipp.fastmail.net>
In-Reply-To: <20090823201417.071af9fb@coercion>
References: <4A9042CE.3000207@f_philipp.fastmail.net> <20090823201417.071af9fb@coercion>

Mike Kazantsev wrote:
> On Sat, 22 Aug 2009 21:11:10 +0200
> Florian Philipp wrote:
>
>> I'm wondering what you think about CFLAGS="-fstack-protector"? Do you
>> use it on security critical systems? Do you compile your kernel with it
>> (2.6.30+)? Is the performance decrease noticeable?
>
> I might be missing a point, but if you want really secure kernel, why'd
> you use 2.6.30+ instead of hardened-sources something like PaX and
> grsecurity?
>

In this particular case, the system is a vserver client. The kernel is
out of my reach. I only have control over userspace.

In general, I thought this might be a simple improvement which doesn't
need all the fuss a hardened system would need (esp. for desktop systems
and suchlike).