tech-pkg archive

Re: Improving security for pkgsrc



On 21.07.2015 16:09, Marc Espie wrote:
> On Tue, Jul 21, 2015 at 01:49:49PM +0000, Benedek Gergely wrote:
>> On Tue, Jul 21, 2015 at 03:03:05PM +0200, Marc Espie wrote:
>>> (I have a long list of very badly written code that crashes
>>> thanks to ssp, including the X server and mplayer among
>>> prominent examples)
>>> 
>> So developers/testers/adv. users should enable it to catch more
>> things and end users who don't know any better shouldn't.
> 
> Nah, wrong conclusion.   End users who don't know any better will
> see weird things going on. Because buffer overflows that are caught
> by ssp, otherwise, are going to modify the stack content in
> an unpredictable way.
> 

It's not always true.

From my experience, most users and all customers want the opposite:
- clean code,
- zero overhead,
- no debug runtime nor debug build options,
- fix bugs on your own.

It depends on the use case, but usually it's preferred to run clean and
correct code as quickly as possible, because this speed makes it
competitive on the market. If the software has bugs frequently popping
out then fix the code first.

Of course it depends on the use case, if you just want to serve a single
executable and mitigate corruption of the entire system... it might be
a benefit. On the other hand in that use-case I would go for a
container or an unikernel solution (already an option with rump
kernels) and keep the things as quick as they can be.

All kinds of asserts should be used by most developers and by users
willing to do so - please don't enforce it on all of us.

I like the work by Pierre to make it an option.

Thanks!

