| 1 |
Ciaran McCreesh wrote: |
| 2 |
|
| 3 |
> Eh, whatever. It seems that certain people are obsessed with screwing |
| 4 |
> over our users by default for little gain, and somehow have this strange |
| 5 |
> notion that anything which has the word security in it is suddenly of |
| 6 |
> vital importance at the expense of absolutely everything else. |
| 7 |
> |
| 8 |
> But hey, it's 'security', so it must be right! *sigh* |
| 9 |
|
| 10 |
No, security is just a trade-off. You evaluate a specific countermeasure |
| 11 |
based on what you're trying to protect, how the solution mitigates that |
| 12 |
risk, what other risks it creates and what other trade-offs it requires. |
| 13 |
|
| 14 |
Here you're trying to protect your computer from being abused, be it for |
| 15 |
the information is contains (get information about you) or the computing |
| 16 |
power it offers (host porn or send spam with your resources). Overflows |
| 17 |
represent a significant percentage of attack vectors, and most of them |
| 18 |
are prevented using the SSP "band-aid", pending a thorough audit of all |
| 19 |
software used. What other risks does it create ? None significant I can |
| 20 |
think of. What other trade-offs does it require ? A slight performance |
| 21 |
hit and SSP compatibility bugs entering bugzilla. |
| 22 |
|
| 23 |
So is it worth it ? It obviously depends on you. I would say yes, not |
| 24 |
because there is the word 'security' on it, but because my analysis |
| 25 |
tells me that the slight performance hit is worth the added security, |
| 26 |
and I think we can support SSP specific bugs. You would say no. |
| 27 |
|
| 28 |
-- |
| 29 |
Koon |
| 30 |
Gentoo Linux Security Team |
Archives