Re: Proposing amd64-hardened architecture for Debian
On Tue, Apr 15, 2014 at 8:15 PM, Christian Hofstaedtler wrote:
> I think that as of today it would help more to fix various upstream
> build tools to actually honor the build flags we (using
> dpkg-buildflags) set. This would benefit both the regular
> architectures and any hypothetical hardened archs.
Also necessary is for them to support being built with other compilers.
> Regarding a special hardened arch, I think on amd64 there's almost
> no benefit of making a seperate arch: just turn on all the hardening
> stuff in amd64, the hardware is fast enough to tolerate some
> slowdown as a tradeoff for better security.
> No ideas for/about the other archs.
You need a separate architecture if your security enhancements are
going to give a 50% speed hit.
https://events.ccc.de/congress/2013/Fahrplan/events/5412.html
https://media.ccc.de/browse/congress/2013/30C3_-_5412_-_en_-_saal_1_-_201312271830_-_bug_class_genocide_-_andreas_bogk.html
--
bye,
pabs
http://wiki.debian.org/PaulWise
Reply to: