FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

 
 
LinkBack Thread Tools
 
Old 11-24-2007, 05:44 PM
 
Default Hardened gentoo and hibernation

On 19 Nov 2007 at 11:38, RB wrote:

> > And how about PaX? Is it really so unlikely to be necessary on PC or
> > laptop for personal use?
>
> Not unlikely, but it presumes a compromised local account

actually it assumes the exact opposite as it's a protection mechanism
against remote attacks, not local ones. in fact, there's no protection
on the planet that will prevent an untrusted local user from elevating
privileges (because there's no generic solution against real life bugs
in the TCB itself).

as for why you want PaX on a desktop: not only because since day one
that was my primary use case (not servers, believe it or not), but
because client side attacks against browsers, mail/VOIP/IM/etc clients
are very real in today's internet.

> but some of it's controls may interfere with the operation of virtual
> machines.

only KERNEXEC should (and even that is fixable if someone's so inclined).


--
gentoo-hardened@gentoo.org mailing list
 

Thread Tools




All times are GMT. The time now is 10:57 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org