Lorenzo Hernandez Garcia-Hierro wrote:
| Hi,
| [...]
| Debian Hardened is like Debian Junior, and the rest of subprojects.
| *We* must provide the best (and the easiest) way to harden Debian for
| advanced users, sysadmins or just people that want a really *more*
| secure environment than the "common" one, that does not need to be
| "insecure" but it will be more "unsafe" if you compare it with the same
| system but hardened.

I prefer directly hardening Debian with things that don't get in the way of the user. That's what I was going on about a month ago with PaX (I'm still working with that, just waiting until after Sarge). As long as the user doesn't have to see it, it can and I think should go into mainline Debian.

My point here is, you mention "advanced users" and "sysadmins;" but I'm focused on people who are too stupid to remember how to save a document in MS Word in RTF format instead of .doc.

[...]

| if
| you a hardened binary (+SSP/ProPolice and a library to trace the BOF
| conditions) in a hardened environment (hardened kernel and RBAC/RSBAC
| policies) it will be not dangerous as having a simple Debian!

Ummmmmm, update anyway dude. It's still a DoS attack.

| We can start asking ourselves about "Why not making Debian hardened
| directly?", we need to respect the freedom of choice and also, a normal
| user wouldn't want to use RBAC...or not?

Some technologies, like SSP and PIE, have to be compiled directly into the program. Most users would choose not to recompile their system. I believe that nobody would be particularly upset if their system was more secure *as* *long* *as* it does not become visible to them. If it looks no different, I think the 'lesser of two evils' here would be to be secure by default, and let the user who for some odd reason wants to be a target to rebuild.

RBAC I'll agree with, it can be a pain in the ass and can change the way an administrator has to interact with the system, which can become confusing to the user. GRSecurity with active ACLs or an active SELinux shouldn't be on by default; but they can easily be options which the user can activate with a debconf program.

[...]

| Thanks in advance,
| Cheers.

--
All content of all messages exchanged herein are left in the Public Domain, unless otherwise explicitly stated.