Hi!
On Tue, Nov 25, 2008 at 05:00:45PM +0200, Jan Klod wrote:
> Suppose, I want to take some extra precautions and set up PaX&co and MAC on a
> workstation with Xorg and other nice KDE apps (only some of which should be
> granted access to files in folder X). I would like to read others opinion, if
> I can get considerable security improvements or I will have to make that much
> of exceptions to those good rules, as it makes protection too useless?
Not sure about MAC, but GrSec + PaX + hardened toolchain is nice to have.
Unlike MAC, it's ease to setup, and there only few applications require
some weakening of security (using paxctl).
I use hardened workstation configured this way for years.
You can improve security further by running applications like web browser
and e-mail client in chroot, but that's for true paranoiac. :)
--
WBR, Alex.
