On Tue, Oct 25, 2011 at 10:18 AM, Kacper Kowalik <xarthisius@g.o> wrote:
> 2) What's wrong with the current approach, i.e. having a separate hardened profile?

I don't really see the hardened profile and some hardening by default
as being redundant.

When I think about the hardened profile I think high security at the
cost of software compatibility. If you're running a virtual
webhosting company you probably don't care that mplayer doesn't work
on your virtual hosts, but you do care that some zero-day exploit could
let somebody escape from their sandbox.

The default configuration should aim for a reasonable balance of
security and convenience. We still fix or mask known security issues,
and we still do stuff like not shipping lots of stuff listening on
ports by default.

If adding something to CFLAGS makes systems more secure with minimal
compatibility or performance problems, then there is no reason not to
do it.

And "Debian is doing it" or whatever isn't actually a bad reason to
consider this. When Debian does something by default, it means that
upstream packages will take notice. In fact, you could even see
something that today would be strange, like having upstream mark a bug
report invalid because you DIDN'T have stack protection enabled or
whatever. Doing things that are dumb just because others are doing it
isn't a good thing, but just being different for the sake of being
different isn't either.

Rich