Re: Linux Distribution Recomendation

[Vincent <pros-n-cons () bak rr com>]

On Thu, 04 Mar 2004 10:44:05 +0100
peter () devbox adamantix org (Peter Busser) wrote:

> I wonder how much of a performance hit you would call significant. Personally,
> I do not notice a performance difference between a PaX kernel and a non-PaX
> kernel. With the segmentation based protection, the performance impact is
> estimated at 2%.
>
> And then, even if you are right, and the performance impact is indeed
> significant (let's say 20%). Then you just wait 6 months, for the same price
> you will get a 20% faster CPU that will compensate for the impact. If you
> cannot wait 6 months, you simply pay a hundred bucks more now. A small
> investment that really pays off, once you realise how much a successful
> breakin and the resulting downtime costs.
>
> It should be noted that systems like RSBAC (which is used in Adamantix) and
> SELinux are as secure as the kernel is. The recent list of Linux kernel exploits
> show that this security is not exactly perfect. So don't expect miracles from
> systems like that, even though some people would like to make you believe
> otherwise.
>
> Groetjes,
> Peter Busser

Fair enough, significant was the wrong word, I was trying to recall what I
learned between you and Ingo from the debian-devel list a few months back.
Now I see it was the VM issue and full compatibility that still had hurdles.

So the point that security almost always asks for something in return holds true
to some degree.

Attachment: _bin
Description: