|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Andre Gironda (andre
operations.net)
Date: Wed Jul 11 2007 - 23:07:11 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Only ARM v6 supports XN. Programmers don't like using it though because
they can spend their memory on more important things. Memory is expensive
for embedded devices still.
Basically, you could get it to work but then you couldn't get it to run
anything interesting.
Are there any other good grsecurity distro's besides Gentoo Hardened?
Devil-linux and the others listed on distrowatch are lacking, but might be
interesting for your project.
dre
On 7/11/07, Lance M. Havok <lmhinfo-pull.com> wrote:
>
> After reading and playing in the past with gems like Gentoo Embedded
> and Gentoo Hardened, I wonder about the current possibilities *today*
> for developing a portable system deploying grsecurity, PaX and friends
> (even SELinux since they fixed some memory footprint issues time ago,
> but probably still have issues with busybox and shrinking the policy
> to a simplified variant).
>
> Let's think about x86 first, then ARM. What options are available
> right now and how feasible is to use them?
>
> The requirements of buildroot for building the customized system, or
> the usage of Gentoo Embedded. With all the buzz on virtualization
> technologies, 'virtual appliances', etc, the point behind installing
> Unbungu Muslim/Christian Server Edition seems to be moot. There's no
> sense behind virtualization if you run your imapd on the same machine
> as the LDAP monster and get one of them compromised right away. No
> mention to the default configuration of vmware-server's authd, and
> requirement of xinetd.
>
> If you can run a uclibc-based system with a few security enhancements,
> and take less than 100MB for the whole thing including your target
> service, using a full-fledged 'distribution' does not make any sense.
>
> The next question would be: How easy is to update the system images?
> How about batch building them, including services dynamically from a
> profile. vmware-server supports scripting even. How complex is the
> build process itself. Can the toolchain be shared across builds for
> the same platform, and does the 'framework' support that? How about
> things like JFFS not supporting (yet) filesystem extended attributes?
>
> Just a few dumb thoughts.
> PS: Again, let's base this on a x86 compatible platform. It might
> sound cool for a geeky audience to run spender's backdoor on a ARM5
> fridge and let him steal your tacos, but such a thing is not really
> useful except for wasting time.
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]