> On 25 Dec 2017, at 15:33, Frank Steinmetzger wrote:
>
> On Mon, Dec 25, 2017 at 12:56:44AM -0600, R0b0t1 wrote:
>> On Mon, Dec 25, 2017 at 12:55 AM, R0b0t1 wrote:
>>> On Sun, Dec 24, 2017 at 1:44 PM, taii...@gmx.com wrote:
It is truly
On Mon, Dec 25, 2017 at 12:56:44AM -0600, R0b0t1 wrote:
> On Mon, Dec 25, 2017 at 12:55 AM, R0b0t1 wrote:
> > On Sun, Dec 24, 2017 at 1:44 PM, taii...@gmx.com wrote:
> >> It is truly disturbing to think that someone with an ME exploit could hack
> >> 80% of the
On 12/23/2017 10:20 PM, Adam Carter wrote:
>
> So I'm wondering how much difference there is between hardened and
> non-hardened profiles these days.
>
The hardened profiles ensure that PaX works by setting PAX_MARKINGS="XT"
and by making sure that you don't disable xattr support in, say,
I would also consider purchasing a system with libre firmware and
without ME/PSP such as:
POWER 9:
TALOS 2 (server/workstation, brand new and very high performance - the
only brand new hardware that is legitimately libre)
x86-64:
(older, pre-PSP AMD - the best CPUs for C32/G34 are
On 12/24/2017 02:43 AM, Adam Carter wrote:
Oh I just noticed that vtv is now default enabled for gcc, so you
could try;
CXXFLAGS="${CFLAGS} -fvtable-verify=std"
I tried this on earlier gccs, and there was a fair bit of breakage so
I didn't pursue it. Maybe I'll re-try with 7.2 to see how
>
> Lastly, this in /etc/sysctl.conf. SYN cookies is a kernel option. The fin
> timeout cut was to clear out tens of thousands of TIME_WAIT sessions.
> net.ipv4.tcp_fin_timeout = 20
> net.ipv4.tcp_syncookies = 1
>
Oh I just noticed that vtv is now default enabled for gcc, so you could try;
On Sun, Dec 24, 2017 at 1:09 AM, Peter Humphrey wrote:
> Hello list,
>
> Now that grsecurity is off-limits, I'm left wondering how to go about
> hardening a no-multilib box that will be exposed to the Big Bad World.
>
> To start with, it's not obvious which profile to use:
On Saturday, 23 December 2017 17:46:20 GMT Michael Orlitzky wrote:
> On 12/23/2017 09:09 AM, Peter Humphrey wrote:
> > Hello list,
> >
> > Now that grsecurity is off-limits, I'm left wondering how to go about
> > hardening a no-multilib box that will be exposed to the Big Bad World.
>
> You can
On 12/23/2017 09:09 AM, Peter Humphrey wrote:
> Hello list,
>
> Now that grsecurity is off-limits, I'm left wondering how to go about
> hardening a no-multilib box that will be exposed to the Big Bad World.
You can still use grsec/pax if you're willing to stick with an older
(LTS) kernel:
Hello list,
Now that grsecurity is off-limits, I'm left wondering how to go about
hardening a no-multilib box that will be exposed to the Big Bad World.
To start with, it's not obvious which profile to use:
$ eselect profile list | grep no-multi | grep hardened
[23]