Security Basics mailing list archives
Re: Linux Distribution Recomendation
From: peter () devbox adamantix org (Peter Busser)
Date: Thu, 11 Mar 2004 10:47:41 +0100
Hi!

[About security features costing a significant amount of performance]

> Fair enough, significant was the wrong word, I was trying to recall what I learned between you and Ingo from the debian-devel list a few months back. Now I see it was the VM issue and full compatibility that still had hurdles.

Yeah, this stuff has more impact on the compatibility level than on the performance level. But it is possible to make even the Sun Java environment work on a PaX kernel with a bit of tweaking, so it isn't all that bad. Especially because most programs and libraries simply work without any extra work.

The debian-devel discussion was mostly about Russell Coker and Ingo's claims that his patch does everything that PaX does, without breaking compatibility. That is simply not true. It provides less protection and even then still breaks compatibility. You cannot download the XFree86 source code, recompile it with ELFLoader module support and run it as is on his kernel patch.

I respect the fact that people make trade-offs, OpenBSD made similar trade-offs. Basically they trade in a bit of security for a bit of compatibility. That is ok, if compatibility is more important than security. What troubles me is the lack of openness about it. I mean, some people try to make it look as if there is no trade-off, i.e. that they provide full security AND full compatibility. That is simply not true.

> So the point that security almost always asks for something in return holds true to some degree.
Right!

Groetjes,
Peter Busser