Hi!
On Tue, Nov 25, 2008 at 06:39:26PM +0200, Jan Klod wrote:
> Could you post a list of apps, that need PaX lifted?
Most of this already done by portage when emerging apps, so you rarely
need to do this manually. Few examples come in my mind is operawrapper for
running complex Flash/Flex applications; mplayer for playing files in
windows-related formats using codecs in .dll (media-libs/win32codecs);
and OS Inferno which is virtual machine like Java but compiled manually
(probably I'll create ebuild for it later).
Also you have to switch off one item in kernel configuration (compared to
typical config on servers):
Security options ---> Grsecurity ---> Address Space Protection --->
[ ] Disable privileged I/O
and may need to enable loadable modules support (also switched off on
servers) to work with VMware or binary NVidia drivers etc.
> Also there is another question: has anyone made some benchmarks to see how
> much raw computing power (CPU+RAM access, which happen during some purely
> computational task) decreases?
There some available on internet, just google for it. AFAIR there was 2-5%
slowdown compared to non-hardened system.
I did my own tests several years ago when switching to hardened - same
results: 2% slowdown for most operations, compiling a little more slower.
Nothing noticeable on workstation to worry about unless you have ancient
hardware which play mp3s using 100% CPU and will lag if you do anything
else at same time. :)
--
WBR, Alex.
