Hi Balint,

Balint Reczey wrote:
> Hi,
>
> I have posted the following idea on my blog [7] to get comments from
> people not on this list, but obviously this is the mailing list where
> the proposal should be discussed. :-)

I generally agree with your concerns. But I have to concur that hardening the default should be the way to go. Besides, this does not only concern compiler flags; you'll need kernel hardening and active auditing (package source code, userland utilities and so forth).

The thing is, the OpenSSL vulnerability probably wouldn't have been resolved using those flags. Another example: stack canaries are a nice idea but have since been circumvented, as new exploit techniques are constantly emerging. Another example: the new Kernel ASLR feature has recently been circumvented by spender of GRSEC.

Simply running valgrind on your system might flag a lot of false positives, and figuring out what the right approach for a given package is will be - again - active auditing and thus extremely time consuming. The best way to do this is upstream, not in a specific distribution, from my experience. A hardened distribution is a lot of effort; I've seen the Gentoo guys try it, but it seems to be largely unmaintained nowadays.

Hence - currently - the burden falls on security and systems engineers that deploy systems on a given Linux distribution.

Aaron
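The thread is about whether hardening compiler and linker flags should be on by default, and Aaron's point is that the flags alone settle little without auditing. One thing a systems engineer can audit cheaply is whether a shipped binary was actually built with those flags. The script below is an added example, not code from this mail, from Balint's proposal or from Debian: it parses an ELF64 little-endian image directly (no readelf or checksec dependency) and reports PIE (ET_DYN type), a non-executable stack (PT_GNU_STACK without PF_X), partial or full RELRO (PT_GNU_RELRO plus DT_BIND_NOW / DF_BIND_NOW / DF_1_NOW in the dynamic section), and a stack-protector heuristic (the `__stack_chk_fail` string present in the file). The sample image it checks is constructed inline so it runs offline; `build_sample_elf` and `check_hardening` are names chosen for this example.

```python
"""Report hardening properties of an ELF64 (little-endian) binary.

Added example for the mailing-list discussion; not the project's code.
It covers a subset of what checksec-style tools report: PIE, NX stack,
RELRO level and a heuristic for stack-protector canaries. Usage on a
real file:  python elf_hardening.py /path/to/binary
"""
import struct
import sys

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC = 2
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X = 1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def _dynamic_entries(data, phdrs):
    """Yield (tag, value) pairs from the PT_DYNAMIC segment until DT_NULL."""
    for p_type, _flags, p_offset, p_filesz in phdrs:
        if p_type != PT_DYNAMIC:
            continue
        for off in range(p_offset, p_offset + p_filesz, 16):
            tag, val = struct.unpack_from("<qQ", data, off)
            if tag == DT_NULL:
                return
            yield tag, val


def check_hardening(data):
    """Return {'pie', 'nx', 'relro', 'canary'} for an ELF64 LE image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    phdrs = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, off)
        phdrs.append((p_type, p_flags, p_offset, p_filesz))
    types = {p[0] for p in phdrs}
    # NX: a GNU_STACK header must exist and must not request PF_X.
    stack = [p for p in phdrs if p[0] == PT_GNU_STACK]
    nx = bool(stack) and not (stack[0][1] & PF_X)
    # Full RELRO needs the GOT bound at load time (BIND_NOW) as well as
    # the GNU_RELRO segment that makes it read-only afterwards.
    bind_now = any(
        tag == DT_BIND_NOW
        or (tag == DT_FLAGS and val & DF_BIND_NOW)
        or (tag == DT_FLAGS_1 and val & DF_1_NOW)
        for tag, val in _dynamic_entries(data, phdrs))
    relro = "none"
    if PT_GNU_RELRO in types:
        relro = "full" if bind_now else "partial"
    return {
        "pie": e_type == ET_DYN,          # note: shared objects are ET_DYN too
        "nx": nx,
        "relro": relro,
        "canary": b"__stack_chk_fail" in data,  # string heuristic, not symbol parsing
    }


def build_sample_elf(pie=True, exec_stack=False, relro=True, bind_now=True,
                     canary=True):
    """Construct a minimal ELF64 image carrying only the headers the checks read.

    Constructed fixture for this example; it is not a loadable program.
    Layout: ELF header | program headers | dynamic section | marker string.
    """
    dyn = struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW) if bind_now else b""
    dyn += struct.pack("<qQ", DT_NULL, 0)
    n_ph = 2 + (1 if relro else 0)                 # GNU_STACK, [GNU_RELRO], DYNAMIC
    dyn_off = 64 + n_ph * 56
    ph = [struct.pack("<IIQQQQQQ", PT_GNU_STACK, 6 | (PF_X if exec_stack else 0),
                      0, 0, 0, 0, 0, 16)]
    if relro:
        ph.append(struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 4, 0, 0, 0, 0, 0, 1))
    ph.append(struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, 0, 0,
                          len(dyn), len(dyn), 8))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", ET_DYN if pie else ET_EXEC,
                               62, 1, 0, 64, 0, 0, 64, 56, n_ph, 64, 0, 0)
    tail = b"__stack_chk_fail\0" if canary else b""
    return ehdr + b"".join(ph) + dyn + tail


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(check_hardening(f.read()))
    else:
        print("hardened sample:", check_hardening(build_sample_elf()))
        print("weak sample:    ", check_hardening(build_sample_elf(
            pie=False, exec_stack=True, relro=False, bind_now=False, canary=False)))
```

Two caveats a practitioner should keep in mind: ET_DYN is also the type of every shared library, so "pie" is only meaningful for executables, and the canary check is a byte-string heuristic rather than a walk of the dynamic symbol table, so a statically linked binary or one with a stripped reference can mislead it. Even a perfect report only tells you the flags were applied; as Aaron says, it says nothing about whether the code behind them is sound.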