[grsec] PaX

jnf jnf at nosec.net
Thu May 5 21:25:20 EDT 2005


Hi,

just a couple thoughts on the subject.

1) isn't adamantix a debian based system thats hardened, would it be a
huge stretch to call it a hardened debian distro? If not, wouldn't this be
what you are looking for?

2) gentoo isn't hard at all, even stage 1- seriously you have a manual
that tells you exactly what to do, dont fear the gentoo.

3) if rolling your own distro is what you want to do, you may consider
checking out the hardened linux from scratch project- it will be at least
a step in the correct direction and give you a general framework, plus you
may decide that its better to build upon the open and free based rather
than rebuild the wheel.


just my thoughts though.


 --

There are only two choices in life. You either conform the truth to your desire,
or you conform your desire to the truth. Which choice are you making?


On Thu, 5 May 2005 pageexec at freemail.hu wrote:

> Date: Thu, 05 May 2005 23:46:54 +0100
> From: pageexec at freemail.hu
> To: Banszki Gabor <banszki.gabor at chello.hu>
> Cc: GRSEC <grsecurity at grsecurity.net>
> Subject: Re: [grsec] PaX
>
> > As I know the Hardened Debian is in ruins.....
> > (the last update: 2004/11/22)
> > Maybee..... I can try to build my "own hardened Debian"... :))
>
> there's also a more recent and similar initiative for ubuntu,
> i was probably thinking of that.
>
> > I can rebuild the most important debian packages to PIE by changing the
> > CFLAGS/LDFLAGS and sometimes by modifing the debian rules script.
>
> or look at how adamantix does it and/or take their debs (although
> you have to watch out for SSP/__guard problems).
>
> > Is this a good approach?
>
> depends on how much time/skills/patience you have, rolling your
> own stuff is always harder to support later than relying on a
> distro that does it for you.
>
> > I am afraid of Hardened Gentoo a little bit...:((
>
> don't be ;-), but if this was your first exposure to gentoo then
> i'd suggest to not roll it on your production box just now, first
> get used to plain gentoo.
>
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
>


More information about the grsecurity mailing list