Date: Tue, 25 Oct 2011 11:11:58 -0400
Subject: Re: [gentoo-dev] Moving more hardening features to default?
In-Reply-To: <4EA6C548.3070206@gentoo.org>
References: <4E9FE012.5080703@gentoo.org> <4EA6C548.3070206@gentoo.org>
List-Id: Gentoo Linux mail
Reply-to: gentoo-dev@lists.gentoo.org
From: Rich Freeman
To: gentoo-dev@lists.gentoo.org

On Tue, Oct 25, 2011 at 10:18 AM, Kacper Kowalik wrote:
> 2) What's wrong with current approach i.e. having separate hardened profile?

I don't really see the hardened profile and some hardening by default as being redundant.

When I think about the hardened profile I think high security at the cost of software compatibility. If you're running a virtual webhosting company you probably don't care that mplayer doesn't work on your virtual hosts but you do care that some zero-day exploit could let somebody escape from their sandbox.

The default configuration should aim for a reasonable balance of security and convenience. We still fix or mask known security issues, and we still do stuff like not shipping lots of stuff listening on ports by default. If adding something to CFLAGS makes systems more secure with minimal compatibility or performance problems, then there is no reason not to do it.

And "Debian is doing it" or whatever isn't actually a bad reason to consider this. When Debian does something by default, it means that upstream packages will take notice. In fact, you could even see something that today would be strange like having upstream mark a bug report invalid because you DIDN'T have stack protection enabled or whatever. Doing things that are dumb just because others are doing it isn't a good thing, but just being different for the sake of being different isn't either.

Rich