Current-Users archive


Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)



Ty Sarna wrote:

This seems insufficiently researched to me. I think we ought to understand what's going on better before accepting a 5% penalty that we may not need to, or conversely accepting the risk of doing without SSP when the cost might be easily reduced. Not to mention having a flamewar either way...

Look. The issue here isn't even a technical one. The 5% figure is not
representative, but if we treat it as such, here are two scenarios to
illustrate what's happening:

You are accessing a webpage or your email or whatever hosted on a NetBSD
machine. The operation, that with all of your client extravaganza takes
about 2 seconds, takes you now 2.1 seconds. You will not notice this
change.

On the other hand, depending on your personality of course, the mere
risk (read: the very hypothetical, theoretical, what have you) of having
your email read by someone else or DNS traffic manipulated may cause you
much more distress. When asking a NetBSD person, "do you guys do
everything to ensure this doesn't happen to me", you will receive a
reply saying "no, we have calculated the probabilities and traded a bit
more security to save you 0.1 seconds."

It is mind boggling to me that people don't see this is a classic case
of insurance. The probabilities are very low, but when something does
happen the impact is very big. What the proponents of the "performance
over security" and "this isn't a real risk" are telling you is what
Prospect Theory disproves.

-e.


