Hi,

> I have often considered and even tried a couple of times to set up a
> hardened box however I get confused between all the different options
> and all the different implications. What with SELinux, Grsecurity 1/2,
> RSBAC, PIE etc. etc.

yeah - same here. although i am interested and wouldn't even mind a small performance hit i have not had the guts to follow through...

the craziest thing is that i seem to get a hardened toolchain built by default - without using the hardened profile

marsupilami ~ # gcc-config -l
[1] i686-pc-linux-gnu-3.3.6 *
[2] i686-pc-linux-gnu-3.3.6-hardened
[3] i686-pc-linux-gnu-3.3.6-hardenednopie
[4] i686-pc-linux-gnu-3.3.6-hardenednopiessp
[5] i686-pc-linux-gnu-3.3.6-hardenednossp
[6] i686-pc-linux-gnu-3.4.4
[7] i686-pc-linux-gnu-3.4.4-hardened
[8] i686-pc-linux-gnu-3.4.4-hardenednopie
[9] i686-pc-linux-gnu-3.4.4-hardenednopiessp
[10] i686-pc-linux-gnu-3.4.4-hardenednossp

so what's the difference? somewhere it says that on x86 the performance penalty for PIE is considerable... guess i have to get some AMD64 boxes...

perhaps some hardened and server people should get together and write a short overview... i am in!

regards
Thilo
