On Tuesday 25 November 2008 17:56:41 Alex Efros wrote: > Hi! > > On Tue, Nov 25, 2008 at 05:00:45PM +0200, Jan Klod wrote: > > Suppose, I want to take some extra precautions and set up PaX&co and MAC > > on a workstation with Xorg and other nice KDE apps (only some of which > > should be granted access to files in folder X). I would like to read > > others opinion, if I can get considerable security improvements or I will > > have to make that much of exceptions to those good rules, as it makes > > protection too useless? > > Not sure about MAC, but GrSec + PaX + hardened toolchain is nice to have. > Unlike MAC, it's ease to setup, and there only few applications require > some weakening of security (using paxctl). > I use hardened workstation configured this way for years.
Could you post a list of apps, that need PaX lifted? Also there is another question: has anyone made some benchmarks to see how much raw computing power (CPU+RAM access, which happen during some purely computational task) decreases?
