Hardened server and toolchain updates


Max Lorenz
Hi all.

On a server I'd normally only update for security and bug fixes or new
stuff I'm interested in and until now I pretty much skipped toolchain
updates. But in the light of the recent binutils, gcc, etc. updates
and as the toolchain contains much of the hardened logic (pie, ssp) my
question is: should I always update to the latest (stable) toolchain
packages, especially from a security POV? I'm running grsecurity and
PaX w/o RBAC if that matters.

Another question. How long will 2.4 kernels be supported by the
Hardened project? Because IIRC grsecurity and RSBAC still recommend
the usage of 2.4 kernels as default.

Thanks in advance,
Max

--
[hidden email] mailing list

Re: Hardened server and toolchain updates

solar-4
On Mon, 2005-12-05 at 12:04 +0100, Max Lorenz wrote:
> Hi all.
>
> On a server I'd normally only update for security and bug fixes or new
> stuff I'm interested in and until now I pretty much skipped toolchain
> updates. But in the light of the recent binutils, gcc, etc. updates
> and as the toolchain contains much of the hardened logic (pie, ssp) my
> question is: should I always update to the latest (stable) toolchain
> packages, especially from a security POV? I'm running grsecurity and
> PaX w/o RBAC if that matters.


I don't think the toolchain (3.3.x vs 3.4.x) matters from a sec POV.


> Another question. How long will 2.4 kernels be supported by the
> Hardened project? Because IIRC grsecurity and RSBAC still recommend
> the usage of 2.4 kernels as default.

hardened-sources-2.4.32 was marked stable yesterday.
It will be supported till such time as it can't be or all existing
developers have lost interest. I can't really see that happening
anytime soon, but the pace is for sure slowing down.

--
Ned Ludd <[hidden email]>
Gentoo Linux
