On 10/20/2011 08:57 AM, Mike Frysinger wrote:
> On Thursday 20 October 2011 08:41:55 Rich Freeman wrote:
>> 2011/10/20 Tomáš Chvátal:
>>> I would say that most hardened features should be merged to main
>>> profile as soon as they won't cause major PITA for the regular users.
>> I agree - especially for stuff that doesn't require active setup
>> (stack protection, PaX, etc).
> except PaX requires kernel patches and is known to break things.  not an 
> acceptable default.
> -mike
I would not recommend PaX at this time.  As Mike said, it breaks things,
sometimes important things.  E.g., python ctypes was broken there for a
while on hardened.  Also, unlike toolchain, it requires that you
configure your kernel correctly, i.e., have familiarity with what works and
what doesn't under certain PaX features.  This may be trivial for us,
but might be more than we want to put newbies through.

-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : bluen...@gentoo.org
GnuPG FP  : 8040 5A4D 8709 21B1 1A88  33CE 979C AF40 D045 5535
GnuPG ID  : D0455535

