Gentoo Archives: gentoo-dev

From: Francesco Riosa <vivo75@×××××.com>
To: gentoo-dev@l.g.o, "Anthony G. Basile" <blueness@g.o>
Subject: Re: [gentoo-dev] Regarding the State of PaX in the tree
Date: Mon, 16 Apr 2018 14:26:30
In Reply to: Re: [gentoo-dev] Regarding the State of PaX in the tree by "Anthony G. Basile"
On 16/04/2018 14:31, Anthony G. Basile wrote:
> On 4/16/18 5:14 AM, Hanno Böck wrote:
>>
>> There's also another question related to this: What's the future for
>> Gentoo hardened?
>> From what I can tell hardened consists of:
>> * the things that try to make it compatible with grsec/pax
>> (more or less obsolete).
>> * things that are now in default profiles anyway (aslr, stack
>> protector).
>> * things that probably should be in default profiles (relro, now linker
>> flags)
>> * -fstack-check, which should eventually be replaced with
>> -fstack-clash-protection (only available in future gcc's) and that
>> should probably also go into default profiles.
>> * Furthermore hardened disables some useful features due to their
>> incompatibility with pax (e.g. sanitizers).
>>
>> So it's stuff that either is obsolete or probably should be a candidate
>> for main profiles. Maybe we should strive for "hardened-by-default".
>>
> You're forgetting selinux. Most of Zorry's work has made it into gcc
> and is now being enabled by our default toolchain. Some kernel features
> have also been improved upstream. With upstream carrying a lot of the
> work we did, I think 'hardened-by-default' minus selinux should be the
> goal of Gentoo.
>
Hardened had a strong impact in some workflows, surpassing 10%. Overhead could be acceptable in some situations but unwanted in others; main profiles are obscure and difficult to change for most. For this reason I'd like to ask to carefully evaluate whether a security feature can be enabled without suddenly changing the behaviour (worse performance) of a machine running Gentoo. Instead it would be good to have a guide on how to further harden any profile. If the hardening-at-any-cost argument wins, however, we MUST have a guide on how to disable at least the most impactful options.
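Whether a profile actually delivers the items on Hanno's list (PIE for ASLR of the executable, a non-executable stack, RELRO, and the BIND_NOW linker flag that turns partial RELRO into full RELRO) is something a user can verify on the binaries the toolchain emits, regardless of which profile or make.conf produced them. The following is an added example, not code from the thread or from Gentoo: a small ELF64 header parser that reports those properties, with a constructed (non-loadable, headers-only) sample image as input so it runs offline. Stack-protector detection would need the symbol table (a reference to __stack_chk_fail) and is deliberately not attempted here; the function and constant names are my own.

```python
"""Report PIE / NX stack / RELRO / BIND_NOW for a little-endian ELF64 image.

Added example (not Gentoo's tooling). Only program headers and the dynamic
section are inspected; the stack protector is not detected here because that
requires walking the symbol table.
"""
import struct
import sys

# ELF constants from the System V ABI and the GNU extensions.
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr, 56 bytes
DYN = struct.Struct("<qQ")                 # Elf64_Dyn, 16 bytes (d_tag, d_val)


def check_elf(data: bytes) -> dict:
    """Return {'pie', 'nx', 'relro', 'bind_now'} for an ELF64 LE image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    (_ident, e_type, _mach, _ver, _entry, e_phoff, _shoff, _flags, _ehsize,
     e_phentsize, e_phnum, *_rest) = EHDR.unpack_from(data, 0)
    # ET_DYN is what a PIE executable (and also a shared library) uses.
    result = {"pie": e_type == ET_DYN, "nx": False, "relro": "none", "bind_now": False}
    dynamic = None
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _va, _pa, p_filesz, *_ = PHDR.unpack_from(
            data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            # A missing PT_GNU_STACK has historically meant an executable stack
            # on x86, so 'nx' stays False unless the header is present and clean.
            result["nx"] = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            result["relro"] = "partial"  # -z relro: GOT/.dynamic made read-only after relocation
        elif p_type == PT_DYNAMIC:
            dynamic = (p_offset, p_filesz)
    if dynamic:
        off, size = dynamic
        for pos in range(off, off + size, DYN.size):
            tag, val = DYN.unpack_from(data, pos)
            if tag == DT_NULL:
                break
            if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                result["bind_now"] = True  # -z now: resolve everything before RELRO is applied
    if result["relro"] == "partial" and result["bind_now"]:
        result["relro"] = "full"
    return result


def check_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return check_elf(fh.read())


def build_elf(pie: bool, nx: bool, relro: bool, bind_now: bool) -> bytes:
    """Constructed sample: a headers-only ELF64 image with the requested flags."""
    dyn_bytes = (DYN.pack(DT_FLAGS_1, DF_1_NOW) if bind_now else b"") + DYN.pack(DT_NULL, 0)
    entries = [(PT_GNU_STACK, PF_R | PF_W | (0 if nx else PF_X), 0, 0)]
    if relro:
        entries.append((PT_GNU_RELRO, PF_R, 0, 0))
    n = len(entries) + 1                      # plus the PT_DYNAMIC entry below
    dyn_off = EHDR.size + PHDR.size * n
    entries.append((PT_DYNAMIC, PF_R | PF_W, dyn_off, len(dyn_bytes)))
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + b"\x00" * 9, ET_DYN if pie else ET_EXEC,
                     62, 1, 0, EHDR.size, 0, 0, EHDR.size, PHDR.size, n, 0, 0, 0)
    phdrs = b"".join(PHDR.pack(t, f, off, 0, 0, sz, sz, 8) for t, f, off, sz in entries)
    return ehdr + phdrs + dyn_bytes


if __name__ == "__main__":
    targets = sys.argv[1:]
    if targets:
        for path in targets:
            print(path, check_file(path))
    else:  # no arguments: show the hardened and the unhardened constructed samples
        print("hardened  ", check_elf(build_elf(True, True, True, True)))
        print("unhardened", check_elf(build_elf(False, False, False, False)))
```

Run it against binaries from a given profile (`python check.py /usr/bin/*`) to see what the default toolchain actually emits; `readelf -lWd` on the same files is the independent cross-check. The same parser also answers the overhead question in the reply above from the other direction: a binary can be rebuilt with the flag in question removed and compared before a profile-wide change is argued for.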