| 1 |
On Tue, Oct 25, 2011 at 10:18 AM, Kacper Kowalik <xarthisius@g.o> wrote: |
| 2 |
> 2) What's wrong with current approach i.e. having seperate hardened profile? |
| 3 |
|
| 4 |
I don't really see the hardened profile and some hardening by default |
| 5 |
as being redundant. |
| 6 |
|
| 7 |
When I think about the hardened profile I think high security at the |
| 8 |
cost of software compatibility. If you're running a virtual |
| 9 |
webhosting company you probably don't care that mplayer doesn't work |
| 10 |
on your virtual hosts but you do care that some zero-day exploit could |
| 11 |
let somebody escape from their sandbox. |
| 12 |
|
| 13 |
The default configuration should aim for a reasonable balance of |
| 14 |
security and convenience. We still fix or mask known security issues, |
| 15 |
and we still do stuff like not shipping lots of stuff listening on |
| 16 |
ports by default. |
| 17 |
|
| 18 |
If adding something to CFLAGS makes systems more secure with minimal |
| 19 |
compatibility or performance problems, then there is no reason not to |
| 20 |
do it. |
| 21 |
|
| 22 |
And "Debian is doing it" or whatever isn't actually a bad reason to |
| 23 |
consider this. When Debian does something by default, it means that |
| 24 |
upstream packages will take notice. In fact, you could even see |
| 25 |
something that today would be strange like having upstream mark a bug |
| 26 |
report invalid because you DIDN'T have stack protection enabled or |
| 27 |
whatever. Doing things that are dumb just because others are doing it |
| 28 |
isn't a good thing, but just being different for the sake of being |
| 29 |
different isn't either. |
| 30 |
|
| 31 |
Rich |
Archives