Only ARM v6 supports XN. Programmers don't like using it though because they can spend their memory on more important things. Memory is expensive for embedded devices still.<br><br>Basically, you could get it to work but then you couldn't get it to run anything interesting.
<br><br>Are there any other good grsecurity distro's besides Gentoo Hardened? Devil-linux and the others listed on distrowatch are lacking, but might be interesting for your project.<br><br>dre<br><br><div><span class="gmail_quote">
On 7/11/07, <b class="gmail_sendername">Lance M. Havok</b> <<a href="mailto:lmh@info-pull.com">lmh@info-pull.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
After reading and playing in the past with gems like Gentoo Embedded<br>and Gentoo Hardened, I wonder about the current possibilities *today*<br>for developing a portable system deploying grsecurity, PaX and friends<br>(even SELinux since they fixed some memory footprint issues time ago,
<br>but probably still have issues with busybox and shrinking the policy<br>to a simplified variant).<br><br>Let's think about x86 first, then ARM. What options are available<br>right now and how feasible is to use them?
<br><br>The requirements of buildroot for building the customized system, or<br>the usage of Gentoo Embedded. With all the buzz on virtualization<br>technologies, 'virtual appliances', etc, the point behind installing
<br>Unbungu Muslim/Christian Server Edition seems to be moot. There's no<br>sense behind virtualization if you run your imapd on the same machine<br>as the LDAP monster and get one of them compromised right away. No<br>
mention to the default configuration of vmware-server's authd, and<br>requirement of xinetd.<br><br>If you can run a uclibc-based system with a few security enhancements,<br>and take less than 100MB for the whole thing including your target
<br>service, using a full-fledged 'distribution' does not make any sense.<br><br>The next question would be: How easy is to update the system images?<br>How about batch building them, including services dynamically from a
<br>profile. vmware-server supports scripting even. How complex is the<br>build process itself. Can the toolchain be shared across builds for<br>the same platform, and does the 'framework' support that? How about<br>
things like JFFS not supporting (yet) filesystem extended attributes?<br><br>Just a few dumb thoughts.<br>PS: Again, let's base this on a x86 compatible platform. It might<br>sound cool for a geeky audience to run spender's backdoor on a ARM5
<br>fridge and let him steal your tacos, but such a thing is not really<br>useful except for wasting time.<br>_______________________________________________<br>Dailydave mailing list<br><a href="mailto:Dailydave@lists.immunitysec.com">
Dailydave@lists.immunitysec.com</a><br><a href="http://lists.immunitysec.com/mailman/listinfo/dailydave">http://lists.immunitysec.com/mailman/listinfo/dailydave</a><br></blockquote></div><br>