Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Chris Wright (chris_at_wirex.com)
Date: Fri Jul 19 2002 - 12:51:06 CDT
* nero one (nero_oneryahoo.com) wrote:
> I'm told and just wnat to confirm that I get the same level of
> protection then the immunix supplied RPMS. That is to say, for example,
> that (program name) when fully compiled from source will be as equally
> secure as doing an rpm -Uvh of the same program name? There are no extra
> security 'goodies' bundled in *_imnx.i386.rpm ?
A *_imnx.i386.rpm has two things that the tarball doesn't:
- spec file checks to be positive you are compiling with StackGuard and
FormatGuard protection. not a real issue if you have no other
compilers or glibc's installed.
- FormatGuard and possibly other security related patches. not a big
deal if you are creating your own FG patches, and pulling tarballs
that have latest security patches applied.
So, as you can see...compiling from a tarball doesn't inherently mean
you are missing some special Immunix bassed protection.
-- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ Immunix-users mailing list Immunix-usersmail.wirex.com http://mail.wirex.com/mailman/listinfo/immunix-users