Security Basics mailing list archives

Re: Linux Distribution Recomendation

From: peter () devbox adamantix org (Peter Busser)
Date: Thu, 11 Mar 2004 10:47:41 +0100

Hi!

[About security features costing a significant amount of performance]

Fair enough, significant was the wrong word, I was trying to recall what I
learned between you and Ingo from the debian-devel list a few months back.
Now I see it was the VM issue and full compatibility that still had hurdles.


Yeah, this stuff has more impact on the compatibility level than on the
performance level. But it is possible to make even the Sun Java environment
to work on a PaX kernel with a bit of tweaking, so it isn't all that bad.
Especially because most programs and libraries simply work without any extra
work.

The debian-devel discussion was mostly about Russel Coker and Ingo's claims
that his patch does everything that PaX does, without breaking compatibility.
That is simply not true. It provides less protection and even then still
breaks compatibility. You cannot download the XFree86 source code, recompile
it with ELFLoader module support and run it as is on his kernel patch. I
respect the fact that people make trade-offs, OpenBSD made similar trade-offs.
Basically they trade in a bit of security for a bit of compatibility. That is
ok, if compatibility is more important than security.

What troubles me is the lack of openness about it. I mean, some people try to
make it look as if there is no trade-off, i.e. that they provide full security
AND full compatibility. That is simply not true.

So the point that security almost always asks for something in return holds true
to some degree.


Right!

Groetjes,
Peter Busser

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Re: Linux Distribution Recomendation, (continued)
- - - Re: Linux Distribution Recomendation Michael Gale (Mar 08)
    - RE: Linux Distribution Recomendation Rod Trent (Mar 09)
    - Re: Linux Distribution Recomendation Peter Busser (Mar 11)
    - Re: Linux Distribution Recomendation Byron Sonne (Mar 09)
- Re: Linux Distribution Recomendation Markus Schabel (Mar 03)
- Re: Linux Distribution Recomendation D.E. Chadbourne (Mar 03)
- Re: Linux Distribution Recomendation Brian Whitehead (Mar 03)
- Re: Linux Distribution Recomendation Vincent (Mar 03)
  - Re: Linux Distribution Recomendation Peter Busser (Mar 04)
    - Re: Linux Distribution Recomendation Vincent (Mar 08)
    - Re: Linux Distribution Recomendation Peter Busser (Mar 11)
    - Re: Linux Distribution Recomendation Vincent (Mar 15)
    - Re: Linux Distribution Recomendation Peter Busser (Mar 16)
- Re: Linux Distribution Recomendation Michael Gale (Mar 03)
- RE: Linux Distribution Recomendation Neil Fryer (Mar 04)
  - Re: Linux Distribution Recomendation Peter Busser (Mar 08)