| 1 |
On 21/02/2014 16:15, hasufell wrote: |
| 2 |
> Alan McKinnon: |
| 3 |
>> On 20/02/2014 22:41, Nicolas Sebrecht wrote: |
| 4 |
>>> On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko |
| 5 |
>>> wrote: |
| 6 |
>>> |
| 7 |
>>>> And this point is one of the highest security benefits in real |
| 8 |
>>>> world: one have non-standard binaries, not available in the |
| 9 |
>>>> wild. Most exploits will fail on such binaries even if |
| 10 |
>>>> vulnerability is still there. |
| 11 |
>>> |
| 12 |
>>> While excluding few security issues by compiling less code is |
| 13 |
>>> possible, believing that "non-standard binaries" (in the sense of |
| 14 |
>>> "compiled for with local compilation flags") gives more security |
| 15 |
>>> is a dangerous dream. |
| 16 |
>>> |
| 17 |
> |
| 18 |
> |
| 19 |
>> +1 |
| 20 |
> |
| 21 |
>> "non-standard binaries" is really just a special form of security |
| 22 |
>> by obscurity. |
| 23 |
> |
| 24 |
> So you are saying compiling a minimal kernel to minimize exposure to |
| 25 |
> subsystem bugs is only obscurity? (I really wonder what Greg would say |
| 26 |
> to this) |
| 27 |
|
| 28 |
No, I'm saying that I pay RedHat large sums of money to look after this |
| 29 |
on my behalf and that money is wasted if I build a custom kernel on that |
| 30 |
machine. |
| 31 |
|
| 32 |
RedHat has a vested interest in doing this right (it's the product they |
| 33 |
sell) and they have more engineering resources to apply to the problem |
| 34 |
than I can ever raise. The odds favour RedHat often getting this right |
| 35 |
and me often getting it wrong, simply because I don't have the unit |
| 36 |
testing facilities required and my employer doesn't employ OS builders. |
| 37 |
|
| 38 |
I won't permit Gentoo to be used in production here for precisely that |
| 39 |
reason - I can't provide the test guarantees the business and |
| 40 |
shareholders demand. |
| 41 |
|
| 42 |
|
| 43 |
> The argument that this particular setup may be less tested is a valid |
| 44 |
> one. But less tested also means less commonly known exploits and |
| 45 |
> testing these setups is a win-win for users and upstream. |
| 46 |
> |
| 47 |
> Whether you like it or not... whenever you install software on a |
| 48 |
> server, you become a tester at the same point. |
| 49 |
|
| 50 |
Proper testing carries a onerous burden. I've yet to find a enterprise |
| 51 |
anywhere in the world that does it right outside of their core business. |
| 52 |
Instead, they pay someone else to do it. |
| 53 |
|
| 54 |
-- |
| 55 |
Alan McKinnon |
| 56 |
alan.mckinnon@×××××.com |
Archives