[EMAIL PROTECTED] wrote:
>Holly Bostick <[EMAIL PROTECTED]> wrote:
>
>>Michael Haan wrote:
>>
>>>I *think* I know what they are, what risk do I run by using them?
>>>
>...
>
>>The kernel doesn't get any more risk-free than vanilla-sources, because
>>if those sources are broken then Linux is broken.
>>
>
>Uh oh, in that case we all are in trouble! :)
>
>I grab my sources directly from kernel.org and then apply the patch
>from grsecurity.org. Then I can choose what security features to
>enable, and it's a little adventure. What I used to do (when I was
>running Slackware rather than Gentoo) is grab kernel.org sources and
>then apply the patch from openwall.com, and there also I could choose
>security features, though there was less adventure. :) There's a lot
>of room for doing things differently from the kernel sources that
>happen to be in portage.
>
>Generally speaking, if you are concerned about security you would want
>to use Linux 2.4 (or perhaps even 2.2 or 2.0) instead of Linux 2.6,
>but with Gentoo AMD64 only 2.6 is supported, so you work with what
>you've got.
>

Hi,
Better to use 'hardened-sources' (formerly 'hardened-dev-sources') if it's
available on AMD-64 profiles.
It includes vanilla-sources + grsecurity v.2.1.5.... IIRC.
Of course it's up to you to config it (the kernel) as you like; thus you
save time/problems with a custom kernel-patch part.
There's nothing wrong with doing all this yourself; you could additionally
customize some things. The choice is yours.
PS: I haven't checked, but I think not all things are backported to 2.4, even
less to 2.2; evolution is very dynamic here.
Again, the choice is up to you; Gentoo is just giving you the tools
(better or worse) to do it.
HTH. Rumen
--
gentoo-user@gentoo.org mailing list