Security Basics mailing list archives
Re: Linux Distribution Recomendation
From: Vincent <pros-n-cons () bak rr com>
Date: Thu, 4 Mar 2004 20:17:47 -0800
On Thu, 04 Mar 2004 10:44:05 +0100 peter () devbox adamantix org (Peter Busser) wrote:
I wonder how much of a performance hit you would call significant. Personally, I do not notice a performance difference between a PaX kernel and a non-PaX kernel. With the segmentation based protection, the performance impact is estimated at 2%. And then, even if you are right, and the performance impact is indeed significant (let's say 20%). Then you just wait 6 months, for the same price you will get a 20% faster CPU that will compensate for the impact. If you cannot wait 6 months, you simply pay a hundred bucks more now. A small investment that really pays off, once you realise how much a successful breakin and the resulting downtime costs. It should be noted that systems like RSBAC (which is used in Adamantix) and SELinux are as secure as the kernel is. The recent list of Linux kernel exploits show that this security is not exactly perfect. So don't expect miracles from systems like that, even though some people would like to make you believe otherwise. Groetjes, Peter Busser
Fair enough, significant was the wrong word, I was trying to recall what I learned between you and Ingo from the debian-devel list a few months back. Now I see it was the VM issue and full compatibility that still had hurdles. So the point that security almost always asks for something in return holds true to some degree.
Attachment:
_bin
Description:
Current thread:
- Re: Linux Distribution Recomendation, (continued)
- Re: Linux Distribution Recomendation Peter Busser (Mar 12)
- Re: Linux Distribution Recomendation Michael Gale (Mar 08)
- RE: Linux Distribution Recomendation Rod Trent (Mar 09)
- Re: Linux Distribution Recomendation Peter Busser (Mar 11)
- Re: Linux Distribution Recomendation Byron Sonne (Mar 09)
- Re: Linux Distribution Recomendation Markus Schabel (Mar 03)
- Re: Linux Distribution Recomendation D.E. Chadbourne (Mar 03)
- Re: Linux Distribution Recomendation Brian Whitehead (Mar 03)
- Re: Linux Distribution Recomendation Vincent (Mar 03)
- Re: Linux Distribution Recomendation Peter Busser (Mar 04)
- Re: Linux Distribution Recomendation Vincent (Mar 08)
- Re: Linux Distribution Recomendation Peter Busser (Mar 11)
- Re: Linux Distribution Recomendation Vincent (Mar 15)
- Re: Linux Distribution Recomendation Peter Busser (Mar 16)
- Re: Linux Distribution Recomendation Peter Busser (Mar 04)
- Re: Linux Distribution Recomendation Peter Busser (Mar 08)