I was recently told that the Hardened Xorg guide was potentially confusing with regards to Binary ATI drivers. Attached is a patch to hopefully clear up the wording.
Created attachment 40322 [details, diff] hardenedxorg.patch
Created attachment 40323 [details, diff] hardenedxorg.patch Forgot the date.
Created attachment 40545 [details, diff] dlloader_explained.patch With some help from Kevin Quinn I have greatly expanded this guide in detail to explain why dlloader is a much better choice. I also cleared up some of the wording and made the module loading section more readable.
patch added to cvs
closing bug
Created attachment 41531 [details, diff] hardenedxorg-nonow.patch This wraps up the changes in bug #64618. Now that the -nonow patch is in 6.8.0-r2 I reworked this document a lot. I completely dropped everything about manual symbol resolution since that is no longer needed. I also added captions to my code listing boxes and fixed a few typos. Finally, I added a new PaX flags section at the bottom with comments from solar from bug #64618 as well as a similar discussion on IRC. Updated html can be viewed at http://tocharian.ath.cx/hardened/hardenedxorg.html
Now that I have had a chance to do a bit of testing I can verify that PaX flags -PS and -R seem good to go with Xorg and dlloader. However, I can't seem to reproduce the slowdown with -M, I don't notice any difference in performance with it on or off. I put my results here: http://tocharian.ath.cx/hardened/xorg-pax In any case, reopening bug so new patch can be noticed.
'M' seems to depend on the drivers loaded. The PaX Team checked out the kill msgs from my box with new xorg and it appears to still be some runtime code generation. I have - PaX flags: P-S--m-x-eR- [/usr/X11R6/bin/Xorg] Section "Module" Load "vgahw" Load "dbe" # Double buffer extension Load "extmod" Load "type1" Load "freetype" Load "GLcore" Load "glx" EndSection
Comment on attachment 41531 [details, diff] hardenedxorg-nonow.patch Changes InCVS
Closed
This doc needs a small update to note that hardened users should be using the latest xorg.
Created attachment 45312 [details, diff] xorgrevision.patch
Comment on attachment 45312 [details, diff] xorgrevision.patch patch 2004-12-04 InCVS thanks for update.
Closing as FIXED
