On Wed, Dec 07, 2022 at 09:02:36AM +0100, Vitaly Zaitsev via devel wrote:
On 06/12/2022 23:20, Michael Catanzaro via devel wrote:
> Even if extra bounds checking makes code 10% slower, which seems very unlikely, the
benefit of the extra hardening would still be worth it. _FORTIFY_SOURCE=3 is going to make
it harder to hack Fedora users, converting code execution vulnerabilities into denial of
service vulnerabilities.
No, it doesn't. 3% maximum is acceptable in this case.
Me and all my friends use mitigations=off. A huge performance penalty for
the sake of potential vulnerabilities that still need to be able to exploit.
Don't assume that your insecure usage is typical of Fedora's userbase
as a whole. I doubt most people even know that mitigations=off is a
thing, nor even notice the performance penalty of the mitigations
enough to want to turn it off.
With regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|