On 10/25/11 16:18, Kacper Kowalik wrote:
On 20.10.2011 10:47, "Paweł Hajdan, Jr." wrote:
I've noticed
<http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags>, i.e.
Debian is starting to make more and more hardening features default, at
least for most packages.

Should we start doing that too? What are possible problems with that? It
seems like it's mostly about USE=hardened, right?
Hi,
just a bunch of quick questions from a hardened newbie:

1) Is there a reason to do it besides "Debian is going to do it"?
For most users it has no negative impact. So in terms of cost it is, analogous to as-needed, a little bit more work for us as maintainers. On the upside we get the "more secure" thing you don't care about. And you can still turn it all off, so you have no mandatory changes (except configuration defaults).
2) What's wrong with the current approach, i.e. having a separate hardened profile?
Nothing wrong per se, but it would be beneficial to make these paranoia features more available to users. You can still turn 'em all off, if you want, so we're basically only suggesting to go from an opt-in to an opt-out for those features.
3) What are the benefits for an average desktop user or high-performance
cluster?

While answering that, please skip things obvious like having "more
secure box".
From that perspective none, but for those of us that do other things (like running public-facing servers) it lets us sleep a bit better at night. Counter-question would be what's the downside - I've seen no benchmarks that show a serious performance impact for most features (last time I looked most of the PaX kernel features are <1% runtime cost).


