[grsec] PaX
pageexec at freemail.hu
pageexec at freemail.hu
Thu May 5 18:46:54 EDT 2005
> As I know the Hardened Debian is in ruins.....
> (the last update: 2004/11/22)
> Maybee..... I can try to build my "own hardened Debian"... :))
there's also a more recent and similar initiative for ubuntu,
i was probably thinking of that.
> I can rebuild the most important debian packages to PIE by changing the
> CFLAGS/LDFLAGS and sometimes by modifing the debian rules script.
or look at how adamantix does it and/or take their debs (although
you have to watch out for SSP/__guard problems).
> Is this a good approach?
depends on how much time/skills/patience you have, rolling your
own stuff is always harder to support later than relying on a
distro that does it for you.
> I am afraid of Hardened Gentoo a little bit...:((
don't be ;-), but if this was your first exposure to gentoo then
i'd suggest to not roll it on your production box just now, first
get used to plain gentoo.
More information about the grsecurity
mailing list