From: Ciaran McCreesh
To: gentoo-dev@lists.gentoo.org
Date: Sat, 25 Sep 2004 18:35:39 +0100
Subject: Re: [gentoo-dev] Stack smash protected daemons
Message-ID: <20040925183539.0d549b0b@snowdrop.home>
In-Reply-To: <200409251926.32676.blauwers@gentoo.org>

On Sat, 25 Sep 2004 19:26:26 +0200 Bart Lauwers wrote:
| 1) Safety is important, it should be our aim to have our
| default system as secure as it possibly could be.

Uh, no. A *reasonable* level of security is good. "As secure as it
possibly could be" means turning on grsec, selinux etc in maximum
security mode, which makes a box unusable unless you spend a lot of
time screwing around with things. Nothing wrong with that under certain
circumstances, of course, but it should *not* be a default.

| 3) A good housefather does not leave the front door of any home open
| at night.

There is a difference between leaving the front door open and
installing fifty seven locks on the door.

| Anyone who thinks that a speed tradeoff is too much for better
| protection is crazy. Do us all a favor and play a go night of russian
| roulette by yourself to get your thrills.

You could equally say that anyone who is prepared to take a nasty
performance hit for possible slight damage mitigation is paranoid.
There is a huge difference between "not using ssp" and "playing russian
roulette".

I kinda wonder about the security FUD certain people are spreading...

-- 
Ciaran McCreesh : Gentoo Developer (Sparc, MIPS, Vim, Fluxbox)
Mail : ciaranm at gentoo.org
Web : http://dev.gentoo.org/~ciaranm