Message-ID: <4EA6CBE0.9070500@gentoo.org>
Date: Tue, 25 Oct 2011 16:46:56 +0200
From: Patrick Lauer
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Moving more hardening features to default?
References: <4E9FE012.5080703@gentoo.org> <4EA6C548.3070206@gentoo.org>
In-Reply-To: <4EA6C548.3070206@gentoo.org>

On 10/25/11 16:18, Kacper Kowalik wrote:
> On 20.10.2011 10:47, "Paweł Hajdan, Jr." wrote:
>> I've noticed
>> , i.e.
>> Debian is starting to make more and more hardening features default, at
>> least for most packages.
>>
>> Should we start doing that too? What are possible problems with that? It
>> seems like it's mostly about USE=hardened, right?
> Hi,
> just a bunch of quick questions from a hardened newbie:
>
> 1) Is there a reason to do it besides "Debian is going to do it"?

For most users it has no negative impact. So in terms of cost it is,
analogous to as-needed, a little bit more work for us as maintainers. On
the upside we get the "more secure" thing you don't care about.
And you can still turn it all off, so you have no mandatory changes
(except configuration defaults)

> 2) What's wrong with current approach i.e. having separate hardened profile?

Nothing wrong per se, but it would be beneficial to make these paranoia
features more available to users. You can still turn 'em all off, if you
want, so we're basically only suggesting to go from an opt-in to an
opt-out for those features.

> 3) What are the benefits for an average desktop user or high-performance
> cluster?
>
> While answering that, please skip things obvious like having "more
> secure box".

From that perspective none, but for those of us that do other things
(like running public-facing servers) it lets us sleep a bit better at night.

Counter-question would be what's the downside - I've seen no benchmarks
that show a serious performance impact for most features (last time I
looked most of the PaX kernel features are <1% runtime cost)