
Re: Proposing amd64-hardened architecture for Debian



On Tue, Apr 15, 2014 at 6:15 PM, Thomas Goirand <zigo@debian.org> wrote:
> On 04/15/2014 06:00 PM, Balint Reczey wrote:
>> Hi,
>>
>> I have posted the following idea on my blog [7] to get comments from
>> people not on this list, but obviously this is the mailing list where
>> the proposal should be discussed. :-)
>>
>> -----
>>
>> Facing last week's Heartbleed [1] bug the need for improving the
>> security of our systems became more apparent than usually. In Debian
>> there are widely used methods for Hardening [2] packages at build time
>> and guidelines [3] for improving the default installations' security.
>>
>> Employing such methods usually comes at an expense, for example slower
>> code execution of binaries due to additional checks or additional
>> configuration steps when setting up a system. Balancing between
>> usability and security Debian chose an approach which would satisfy the
>> most users by using C/C++ features [4] which only slightly decrease
>> execution speed of built binaries and by using reasonable defaults in
>> package installations.
>>
>> All the architectures supported by Debian aim at using the same methods
>> for enhancing security, but it does not have to stay that way. Amd64
>> is the most widely used architecture of Debian according to popcon [5]
>> and amd64 hardware comes with powerful CPUs. I think there would be a
>> significant amount of people (being one of them :-)) who would happily
>> use a version of Debian with more security features enabled by default
>> sacrificing some CPU power and installing and setting up additional
>> packages.
>>
>> My proposal for serving those security-focused users is introducing a
>> new architecture targeting amd64 hardware, but with more security
>> related C/C++ features turned on for every package (currently hardening
>> has to be enabled by the maintainers in some way) through compiler flags
>> as a start.
>>
>> Introducing the new architecture would also let package maintainers
>> enable additional dependencies and build rules selectively for the new
>> architecture improving the security further. On the users' side the
>> advantage of having a separate security enhanced architecture instead of
>> a Debian derivative is the potential of installing a set of security
>> enhanced packages using multiarch [6]. You could have a fast amd64
>> installation as a base and run Apache or any other sensitive server from
>> the amd64-hardened packages!
>>
>> -----
>>
>> What do you think? Would adding a new arch be feasible and a good solution?
>>
>> Cheers,
>> Balint
>
> My take on this: start it if you wish, and see how it takes you. If it
> is successful enough, it will go to http://www.debian-ports.org/. If it
> has even more success, then probably it will go through the standard
> repository and be official part of Debian. Whatever happens, it will be
> interesting to see what kind of performance hit you get, and what kind
> of security enhancement there is.

Same comment as Thomas.
On your way you'll pretty much be required to implement
source-only/binary-drop uploads, which is a feature I want to see ;)

BTW, thanks to your post, I discovered that ld.so is capable of
searching in a `hardware-specific` directory first.

Good luck,
-M
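Whether the proposed amd64-hardened builds (or today's per-package hardening) actually deliver the promised protections is something a practitioner wants to verify on the installed binaries rather than trust from the build flags. The checker below is an added example for this thread, not code from Debian, from the hardening-includes tooling, or from any poster. It reads the ELF64 headers directly (no readelf needed) and reports PIE, RELRO, BIND_NOW, non-executable stack, and, where a section table is present, the stack protector and FORTIFY_SOURCE. The two images produced by build_sample are constructed test inputs, not real binaries; the stack-protector and FORTIFY checks are symbol-based heuristics and report None on those samples because they carry no .dynsym.

```python
"""Report which build-time hardening features an ELF64 binary actually carries.

Added example for the amd64-hardened discussion; not Debian's own tooling.
Checks: PIE, RELRO, BIND_NOW (together: full RELRO), non-executable stack,
stack protector and FORTIFY_SOURCE.  Pure Python, no readelf/objdump needed.
"""
import struct
import sys

# ELF constants as defined in the ELF specification / glibc's elf.h
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000
SHT_DYNSYM = 11


def parse_elf64(data):
    """Return (e_type, program headers, section headers) of a little-endian ELF64 image."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2:  # EI_CLASS 2 == ELFCLASS64
        raise ValueError("not an ELF64 file")
    (e_type, _, _, _, e_phoff, e_shoff, _, _, e_phentsize, e_phnum,
     e_shentsize, e_shnum, _) = struct.unpack_from("<HHIQQQIHHHHHH", data, 16)
    # Elf64_Phdr: p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_align
    phdrs = [struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)
             for i in range(e_phnum)]
    # Elf64_Shdr: sh_name sh_type sh_flags sh_addr sh_offset sh_size sh_link sh_info ...
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    return e_type, phdrs, shdrs


def dynamic_entries(data, phdrs):
    """Yield (d_tag, d_val) pairs from the PT_DYNAMIC segment, stopping at DT_NULL."""
    for p_type, _, p_offset, _, _, p_filesz, _, _ in phdrs:
        if p_type != PT_DYNAMIC:
            continue
        for off in range(p_offset, p_offset + p_filesz, 16):   # Elf64_Dyn is 16 bytes
            tag, val = struct.unpack_from("<qQ", data, off)
            if tag == DT_NULL:
                return
            yield tag, val


def dynsym_names(data, shdrs):
    """Set of names in .dynsym, or None when the binary has no section table (e.g. sstrip'd)."""
    for sh in shdrs:
        if sh[1] != SHT_DYNSYM:
            continue
        strtab_off = shdrs[sh[6]][4]                 # sh_link -> the matching .dynstr section
        names = set()
        for off in range(sh[4], sh[4] + sh[5], 24):  # Elf64_Sym is 24 bytes, st_name first
            st_name = struct.unpack_from("<I", data, off)[0]
            end = data.index(b"\0", strtab_off + st_name)
            names.add(data[strtab_off + st_name:end].decode("ascii", "replace"))
        return names
    return None


def hardening_report(data):
    """Map each hardening feature to True/False, or None where it cannot be determined."""
    e_type, phdrs, shdrs = parse_elf64(data)
    dyn = dict(dynamic_entries(data, phdrs))
    flags, flags1 = dyn.get(DT_FLAGS, 0), dyn.get(DT_FLAGS_1, 0)
    stack = [p for p in phdrs if p[0] == PT_GNU_STACK]
    names = dynsym_names(data, shdrs)
    report = {
        # Newer linkers mark PIEs with DF_1_PIE; older ones only produce ET_DYN plus PT_INTERP.
        "pie": e_type == ET_DYN and (bool(flags1 & DF_1_PIE)
                                     or any(p[0] == PT_INTERP for p in phdrs)),
        "relro": any(p[0] == PT_GNU_RELRO for p in phdrs),
        "bind_now": DT_BIND_NOW in dyn or bool(flags & DF_BIND_NOW) or bool(flags1 & DF_1_NOW),
        # No PT_GNU_STACK header at all means the kernel falls back to an executable stack.
        "nx_stack": bool(stack) and not stack[0][1] & PF_X,
        # Heuristics: a canary-checked function imports __stack_chk_fail; FORTIFY uses *_chk.
        "stack_protector": None if names is None else "__stack_chk_fail" in names,
        "fortify": None if names is None else any(
            n.startswith("__") and n.endswith("_chk") and n != "__stack_chk_fail" for n in names),
    }
    report["full_relro"] = report["relro"] and report["bind_now"]
    return report


def build_sample(pie, relro, bind_now, exec_stack):
    """Assemble a minimal, non-runnable ELF64 image: constructed test input, not a real binary."""
    flags1 = (DF_1_PIE if pie else 0) | (DF_1_NOW if bind_now else 0)
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in
                   [(DT_FLAGS, DF_BIND_NOW if bind_now else 0), (DT_FLAGS_1, flags1), (DT_NULL, 0)])
    phnum = 3 if relro else 2
    dyn_off = 64 + 56 * phnum                        # dynamic segment follows the program headers
    phdrs = [(PT_DYNAMIC, PF_R | PF_W, dyn_off, dyn_off, dyn_off, len(dyn), len(dyn), 8),
             (PT_GNU_STACK, PF_R | PF_W | (PF_X if exec_stack else 0), 0, 0, 0, 0, 0, 16)]
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R, dyn_off, dyn_off, dyn_off, len(dyn), len(dyn), 1))
    header = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8 + struct.pack(
        "<HHIQQQIHHHHHH", ET_DYN if pie else ET_EXEC, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 64, 0, 0)
    return header + b"".join(struct.pack("<IIQQQQQQ", *p) for p in phdrs) + dyn


if __name__ == "__main__":
    for path in sys.argv[1:]:                        # e.g. python3 check.py /usr/sbin/apache2
        with open(path, "rb") as f:
            print(path, hardening_report(f.read()))
```

Run it against an installed server binary to see which of the flag-driven protections survived the build; a hardened variant of the same package should flip every field to True. The two constructed samples show the weak layout (ET_EXEC, no RELRO, executable stack) beside the hardened one (PIE, full RELRO, NX stack).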
