CC to the users list because this is a interesting topic at all Am 29.03.2013 18:48, schrieb John Reiser: >> Thinking from a security perspective, I find "Hardening flags can only >> be disabled for other packages at the maintainer's discretion provided >> enough justification is given to FESCo" to be more appropriate. > > -fPIE code is larger and takes longer to execute. The cost varies from > minimal (< 2%) in many cases to 10% or more for "non-dynamic" arrays on i686 i686 becomes more or less dead there could be made a difference in SPEC-files to in border cases only harden the x86_64 binaries because in context of servers i686 is already dead except legacy systems which are not relevant for recent fedora versions > -fPIE for Thumb mode on ARM is particularly painful. > > RELRO can cost one extra page of physical RAM per process because the placement > of the RELRO region tends to increase fragmentation and decrease sharability. > > I suggest that any requirement for increased hardening be restricted to only > those programs which execute with elevated privileges. The package maintainer > should retain primary discretion for anything which executes with "ordinary" > user privileges wrong point of view the question is what data a binary is supposed to get as input the "ordinary users privileges" doe snot help you much in case of local root exploits and keep also in mind that in context of network-serrvices or software which typically communicates with foreign network-services a "local exploit" very fast becomes a "remote exploit" example: * foreign user uploads images / pdf-files to a web-form * on the server side imagemagick or poppler libs proceed the data * if these libraries are vulerable by the input file and at the same moment a local root exploit is not fixed on the machine you are very soon in the situation of a root-exploit * please do not argue with "but you need this and this AND this" the expierience of the last years shows how creative attackers are acting with RANDOM input data yes performance matters yes i am the first who likes optimized binaries but NOT for the price of weaker security
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
