[tor-talk] What's to be Done

Seth list at sysfu.com
Mon Aug 24 18:26:59 UTC 2015


On Mon, 24 Aug 2015 09:26:58 -0700, Apple Apple <djjdjdjdjdjdjd32 at gmail.com> wrote:

> It's not a Debian specific problem. Even "Security Conscious" distros like
> Fedora only build a dozen or so key packages with pic and ssp because of
> performance concerns. Address sanitizer is obviously out of the question.
>
> Then of course Linux does not have proper ASLR without 3rd party kernel
> patches anyway making pie pretty pointless.
>
> There is a good article out there on why rsbac does not use lsm, I
> recommend you read it if you do not understand the current security vs
> performance dynamic within Linux. You should also read up on the history of
> PaX and ask why it is not in the mainline Linux tree.
>
> For whoever asked about previous Debian specific attempts I suggest you
> look into a project called mempo, now defunct of course.
>
> Given what I've said above we return to my original point. No mainstream
> distro, especially Debian, is willing to pay the cost (mostly performance)
> for adding meaningful security. If your plan is to try to bulldoze all this
> stuff into Debian testing, that's not going to work...

I'm curious if anyone on the list is able to determine how many of the
above issues have already been addressed by the OpenBSD project.

