
Re: Proposing amd64-hardened architecture for Debian



Hi Martin,

2014-04-16 14:53 GMT+02:00 Martin Wuertele <martin@wuertele.net>:
> * Balint Reczey <balint@balintreczey.hu> [2014-04-15 12:01]:
>
> (...)
>
>> My proposal for serving those security-focused users is introducing a
>> new architecture targeting amd64 hardware, but with more security
>> related C/C++ features turned on for every package (currently hardening
>> has to be enabled by the maintainers in some way) through compiler flags
>> as a start.
>>
>> Introducing the new architecture would also let package maintainers
>> enable additional dependencies and build rules selectively for the new
>> architecture improving the security further. On the users' side the
>> advantage of having a separate security enhanced architecture instead of
>> a Debian derivative is the potential of installing a set of security
>> enhanced packages using multiarch [6]. You could have a fast amd64
>> installation as a base and run Apache or any other sensitive server from
>> the amd64-hardened packages!
>>
>> -----
>>
>> What do you think? Would adding a new arch be feasible and a good solution?
>
> Why is it not feasible to provide additional -hardened packages? With
> that it would be possible to provide hardened versions of packages on
> other archs as well.
Providing -hardened packages on a per-package basis is certainly
doable, but it would not scale IMO to a useful level. With the proposed
multiarch based method one would pick a binary and all of the
library dependencies from the hardened arch from top to bottom.

In case of providing -hardened binary packages for amd64 to achieve
the same results we would have to wait for all library packagers to
provide -hardened versions and even a single developer not having time
could block the goal.
Managing the dependencies between -hardened and normal libraries seems
to be a complex problem which I would like to avoid.

Cheers,
Balint

