Re: PaX on Debian
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jerome Warnier wrote:
| You would probably be interested in Adamantix, which used to be called
| TrustedDebian.
| http://www.adamantix.org/
|
Not interested.
I know what Adamantix is. It is a full blown secured distribution which
tacks on ACL systems and other things. This creates a non-transparent,
complex environment.
I'm suggesting that the most transparent and easy to implement features
of systems such as Adamantix and Hardened Gentoo be used on the base of
Debian, because they offer great security gains with little overhead and
no added complexity to the end user.
Think of it this way: Adamantix prevents really really determined
crackers from breaking into your system and doing damage; and a simple
PaX/pie/ssp base prevents immature 12 year old skr1pt33k1dd13z h4x0rz
who think they're l33t from making Sasser or MSBlast type worms that
actually work on these systems.
On the whole, nobody cares about you. You don't need a USB stick with
your 4096 bit RSA key to boot your drive. You don't need 5 extra
passwords for your SELinux roles. You don't need to mess with Prelude.
~ There are still situations where things are made just to spread,
regardless of who you are or what you do. You need protection; and an
antivirus program isn't ideal for this.
| Thought you could be interested...
Thanks. Seen it though, not interested. It's way too excessive for
just home users.
- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitely stated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBA/zMhDd4aOud5P8RAlf1AJ9euGjUBSA6bBmcfQKqfG1sADmjsQCfe5IL
2s4rKZV1E5V/ElOuBu38u3s=
=zI3d
-----END PGP SIGNATURE-----
Reply to: