Re: Expanding the list of "Hardened Packages"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

CC to the users list because this is a interesting topic at all

Am 29.03.2013 18:48, schrieb John Reiser:
>> Thinking from a security perspective, I find "Hardening flags can only
>> be disabled for other packages at the maintainer's discretion provided
>> enough justification is given to FESCo" to be more appropriate.
> 
> -fPIE code is larger and takes longer to execute.  The cost varies from
> minimal (< 2%) in many cases to 10% or more for "non-dynamic" arrays on i686

i686 becomes more or less dead

there could be made a difference in SPEC-files to in border
cases only harden the x86_64 binaries because in context
of servers i686 is already dead except legacy systems which
are not relevant for recent fedora versions

> -fPIE for Thumb mode on ARM is particularly painful.
> 
> RELRO can cost one extra page of physical RAM per process because the placement
> of the RELRO region tends to increase fragmentation and decrease sharability.
> 
> I suggest that any requirement for increased hardening be restricted to only
> those programs which execute with elevated privileges.  The package maintainer
> should retain primary discretion for anything which executes with "ordinary"
> user privileges

wrong point of view

the question is what data a binary is supposed to get as input
the "ordinary users privileges" doe snot help you much in case
of local root exploits and keep also in mind that in context of
network-serrvices or software which typically communicates
with foreign network-services a "local exploit" very fast
becomes a "remote exploit"

example:
* foreign user uploads images / pdf-files to a web-form
* on the server side imagemagick or poppler libs proceed the data
* if these libraries are vulerable by the input file and at the
  same moment a local root exploit is not fixed on the machine
  you are very soon in the situation of a root-exploit
* please do not argue with "but you need this and this AND this"
  the expierience of the last years shows how creative attackers
  are acting with RANDOM input data

yes performance matters

yes i am the first who likes optimized binaries
but NOT for the price of weaker security

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux