Mike Kazantsev schrieb: > On Sat, 22 Aug 2009 21:11:10 +0200 > Florian Philipp <li...@f_philipp.fastmail.net> wrote: > >> I'm wondering what you think about CFLAGS="-fstack-protector"? Do you >> use it on security critical systems? Do you compile your kernel with it >> (2.6.30+)? Is the performance decrease noticeable? > > I might be missing a point, but if you want really secure kernel, why'd > you use 2.6.30+ instead of hardened-sources something like PaX and > grsecurity? >
In this particular case, the system is a vserver client. The kernel is out of my reach. I only have control about userspace. In general, I thought this might be a simple improvement which doesn't need all the fuzz a hardened system would need (esp. for desktop systems and such alike).
signature.asc
Description: OpenPGP digital signature