
Re: Proposing amd64-hardened architecture for Debian
On 04/15/2014 06:00 PM, Balint Reczey wrote:
> Hi,
> 
> I have posted the following idea on my blog [7] to get comments from
> people not on this list, but obviously this is the mailing list where
> the proposal should be discussed. :-)
> 
> -----
> 
> Facing last week's Heartbleed [1] bug, the need for improving the
> security of our systems became more apparent than usual. In Debian
> there are widely used methods for Hardening [2] packages at build time
> and guidelines [3] for improving the default installations' security.
> 
> Employing such methods usually comes at an expense, for example slower
> code execution of binaries due to additional checks or additional
> configuration steps when setting up a system. Balancing between
> usability and security, Debian chose an approach which would satisfy
> most users by using C/C++ features [4] which only slightly decrease the
> execution speed of built binaries and by using reasonable defaults in
> package installations.
> 
> All the architectures supported by Debian aim to use the same methods
> for enhancing security, but it does not have to stay that way. Amd64
> is the most widely used architecture of Debian according to popcon [5]
> and amd64 hardware comes with powerful CPUs. I think there would be a
> significant number of people (being one of them :-)) who would happily
> use a version of Debian with more security features enabled by default,
> sacrificing some CPU power and installing and setting up additional
> packages.
> 
> My proposal for serving those security-focused users is introducing a
> new architecture targeting amd64 hardware, but with more security
> related C/C++ features turned on for every package (currently hardening
> has to be enabled by the maintainers in some way) through compiler flags
> as a start.
> 
> Introducing the new architecture would also let package maintainers
> enable additional dependencies and build rules selectively for the new
> architecture, improving the security further. On the users' side the
> advantage of having a separate security-enhanced architecture instead of
> a Debian derivative is the potential of installing a set of security-
> enhanced packages using multiarch [6]. You could have a fast amd64
> installation as a base and run Apache or any other sensitive server from
> the amd64-hardened packages!
> 
> -----
> 
> What do you think? Would adding a new arch be feasible and a good solution?
> 
> Cheers,
> Balint

My take on this: start it if you wish, and see how it takes you. If it
is successful enough, it will go to http://www.debian-ports.org/. If it
has even more success, then probably it will go through the standard
repository and be an official part of Debian. Whatever happens, it will be
interesting to see what kind of performance hit you get, and what kind
of security enhancement there is.

Just my 2 cents,

Cheers,

Thomas Goirand (zigo)