Expanding the list of "Hardened Packages"
h.reindl at thelounge.net
Fri Mar 29 18:02:58 UTC 2013
CC to the users list because this is a interesting topic at all
Am 29.03.2013 18:48, schrieb John Reiser:
>> Thinking from a security perspective, I find "Hardening flags can only
>> be disabled for other packages at the maintainer's discretion provided
>> enough justification is given to FESCo" to be more appropriate.
> -fPIE code is larger and takes longer to execute. The cost varies from
> minimal (< 2%) in many cases to 10% or more for "non-dynamic" arrays on i686
i686 becomes more or less dead
there could be made a difference in SPEC-files to in border
cases only harden the x86_64 binaries because in context
of servers i686 is already dead except legacy systems which
are not relevant for recent fedora versions
> -fPIE for Thumb mode on ARM is particularly painful.
> RELRO can cost one extra page of physical RAM per process because the placement
> of the RELRO region tends to increase fragmentation and decrease sharability.
> I suggest that any requirement for increased hardening be restricted to only
> those programs which execute with elevated privileges. The package maintainer
> should retain primary discretion for anything which executes with "ordinary"
> user privileges
wrong point of view
the question is what data a binary is supposed to get as input
the "ordinary users privileges" doe snot help you much in case
of local root exploits and keep also in mind that in context of
network-serrvices or software which typically communicates
with foreign network-services a "local exploit" very fast
becomes a "remote exploit"
* foreign user uploads images / pdf-files to a web-form
* on the server side imagemagick or poppler libs proceed the data
* if these libraries are vulerable by the input file and at the
same moment a local root exploit is not fixed on the machine
you are very soon in the situation of a root-exploit
* please do not argue with "but you need this and this AND this"
the expierience of the last years shows how creative attackers
are acting with RANDOM input data
yes performance matters
yes i am the first who likes optimized binaries
but NOT for the price of weaker security
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 263 bytes
Desc: OpenPGP digital signature
More information about the users