On Sunday, September 06, 2015 1:15:17 PM walt wrote:

> https://wiki.gentoo.org/wiki/Hardened_Gentoo
>
> That wiki page is very seductive. It makes me want to drop everything
> and select a hardened profile and re-emerge everything from scratch.
>
> But I have a feeling I'd soon be in big trouble if I did. Is this
> something that only gentoo devs should be messing with, or is this
> a project that a typical gentoo end-user might hope to accomplish
> without frequent suicidal thoughts?
There are different opinions on it, but mine is that while it adds some security it's so little that it's not worth it in most cases. It provides more security on a binary distro because everyone has the same binaries and an attacker doesn't need to guess where a specific piece of code may get loaded, but by running a source distro your address space is already pretty unique. The only case where it provides some security is when an attacker is trying to guess an address for an exploit; making the wrong guess will likely crash the process and it will be reloaded at a new address. Do you have valuable enough data for an attacker to go through that hassle in order to get it? If you do then you should use a hardened profile, but physical security and disk encryption are more important, because if it's worth that much it'll be easier to just rob you. Be aware that there's no hardened desktop profile, so that alone will make it somewhat harder if you plan to use it on a desktop.

Another reason is if you want to use something like SELinux (which doesn't require a hardened profile), which gives you very fine-grained control over access control but is also very restrictive. I think it's only worth it for large networks with many users and different levels of access to sensitive data.

I needed some of SELinux's features but settled for using AppArmor in an unusual way to accomplish them, because SELinux is too much trouble. All AppArmor really does is provide process isolation or sandboxing. If an attacker gains access through an exploit he will only be able to access the files that the exploited service has access to. I use it with a catch-all profile that prevents execution from all world-writable and home directories, and access to ssh/pgp keys, keyrings, etc. This works nicely for servers and desktops and is not too restrictive. And if I need to execute code from my home dir for development I can launch an unrestricted shell via sudo.
I can leave my laptop unlocked with the wallet open (I use the kwallet pam module) and it will be really hard for you to get anything like ssh keys or passwords (I also have patches for kwallet so it requires a password to show saved passwords), but the programs that need them have access to them.

--
Fernando Rodriguez
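An AppArmor profile in the spirit of the catch-all sandbox described in the reply above, added here as an illustration; it is not Fernando's profile or anything posted in the thread. The profile name, the directory list and the kwallet storage paths are assumptions, and how the profile gets attached to a user session (for example via pam_apparmor) is outside what this fragment shows.

```apparmor
# Added example, not from the thread. Name and paths are assumptions.
#include <tunables/global>

profile user_catchall flags=(attach_disconnected) {
  #include <abstractions/base>

  # Broad read/write access: the goal is to limit where code can run and
  # what secrets are reachable, not to enumerate every file a desktop needs.
  # DAC permissions still apply underneath this rule.
  /** rwkl,

  # Only package-manager-installed code may execute.
  # ix = the child inherits this same profile.
  /bin/**   ix,
  /sbin/**  ix,
  /usr/**   ix,
  /lib/**   ix,
  /lib64/** ix,
  /opt/**   ix,

  # Deny rules take precedence over allow rules, so nothing dropped into a
  # world-writable directory or into the home directory can be launched,
  # even though /usr/** above allows exec and /** allows write.
  deny /tmp/**      x,
  deny /var/tmp/**  x,
  deny /dev/shm/**  x,
  deny /run/user/** x,
  deny @{HOME}/**   x,

  # Key material and keyrings stay out of reach of every confined process.
  # Programs that legitimately need them (ssh, gpg, kwalletd) run under
  # their own profiles rather than this one.
  deny @{HOME}/.ssh/**                     rwklmx,
  deny @{HOME}/.gnupg/**                   rwklmx,
  deny @{HOME}/.local/share/kwalletd/**    rwklmx,
  deny @{HOME}/.kde4/share/apps/kwallet/** rwklmx,

  # Escape hatch for development: sudo runs unconfined (Ux also scrubs the
  # environment). It still prompts for a password, so this is only as strong
  # as the sudoers policy; a NOPASSWD entry would undo the sandbox.
  /usr/bin/sudo Ux,
}
```

Load it with `apparmor_parser -r` and run it in complain mode first (`aa-complain`) so the audit log shows which legitimate exec or key accesses the deny rules would have blocked before switching to enforce.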