
Re: [tor-talk] What's to be Done

On Mon, 24 Aug 2015 09:26:58 -0700, Apple Apple <djjdjdjdjdjdjd32@xxxxxxxxx> wrote:

It's not a Debian specific problem. Even "Security Conscious" distros like
Fedora only build a dozen or so key packages with pic and ssp because of
performance concerns. Address sanitizer is obviously out of the question.

Then of course Linux does not have proper ASLR without 3rd party kernel
patches anyway making pie pretty pointless.

There is a good article out there on why rsbac does not use lsm, I
recommend you read it if you do not understand the current security vs
performance dynamic within Linux. You should also read up on the history of
Pax and ask why it is not in the mainline Linux tree.

For whoever asked about previous Debian specific attempts I suggest you
look into a project called mempo, now defunct of course.

Given what I've said above we return to my original point. No mainstream
distro, especially Debian, is willing to pay the cost (mostly performance) for adding meaningful security. If your plan is to try to bulldoze all this
stuff into Debian testing, that's not going to work...

I'm curious if anyone on the list is able to determine how many of the above issues have already been addressed by the OpenBSD project.