Fernando Rodriguez <frodriguez.develo...@outlook.com> wrote:

> On Sunday, September 06, 2015 1:15:17 PM walt wrote:
> > https://wiki.gentoo.org/wiki/Hardened_Gentoo
> >
> > That wiki page is very seductive. It makes me want to drop
> > everything and select a hardened profile and re-emerge everything
> > from scratch.
> >
> > But I have a feeling I'd soon be in big trouble if I did. Is this
> > something that only gentoo devs should be messing with, or is this
> > a project that a typical gentoo end-user might hope to accomplish
> > without frequent suicidal thoughts?
>
> There are different opinions on it, but mine is that while it adds some
> security it's so little that it's not worth it in most cases. It
> provides more security on a binary distro because everyone has the
> same binaries and an attacker doesn't need to guess where a specific
> piece of code may get loaded, but by running a source distro your
> address space is already pretty unique. The only case where it
> provides some security is when an attacker is trying to guess an
> address for an exploit; making the wrong guess will likely crash the
> process and it will be reloaded at a new address. Do you have
> valuable enough data for an attacker to go through that hassle in
> order to get it? If you do then you should use a hardened profile,
> but physical security and disk encryption are more important because
> if it's worth that much it'll be easier to just rob you.
I'm not a security expert, so I may be wrong here, but I think there
are more security functions in gentoo-hardened than just address space
randomization. There are also things like stack smash protection and
some other restrictions that make it harder to exploit security holes.

> Be aware that there's no hardened desktop profile so that alone will
> make it somewhat harder if you plan to use it on a desktop.

I never used a desktop profile. I just added the USE flags that I need.

> Another reason is if you want to use something like SELinux (which
> doesn't require a hardened profile) that gives you very fine-grained
> control over access control but it's also very restrictive. I think
> it's only worth it for large networks with many users and different
> levels of access to sensitive data.

Yes, SELinux can be very painful and I also don't use it.

> I needed some of SELinux's features but settled for using AppArmor in
> an unusual way to accomplish them because SELinux is too much
> trouble. All AppArmor really does is provide process isolation or
> sandboxing. If an attacker gains access through an exploit he will
> only be able to access the files that the exploited service has
> access to. I use it with a catch-all profile that prevents execution
> from all world-writable and home directories, and access to ssh/pgp
> keys, keyrings, etc. This works nicely for servers and desktops and is
> not too restrictive. And if I need to execute code from my home dir
> for development I can launch an unrestricted shell via sudo. I can
> leave my laptop unlocked with the wallet open (I use the kwallet pam
> module) and it will be really hard for you to get anything like ssh
> keys or passwords (I also have patches for kwallet so it requires a
> password to show saved passwords), but the programs that need them
> have access to them.

I will give AppArmor a try when I have more spare time.

-- 
Regards
wabe
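For readers who want to see what the "catch-all" AppArmor profile Fernando describes above could look like, here is an added illustration. It is not a profile posted by anyone in this thread; it is a sketch built from stock AppArmor syntax. The assumptions are: the profile is attached to /bin/bash as the login shell (a graphical session would attach to its session starter instead), the world-writable directories are the usual /tmp, /var/tmp and /dev/shm, and the kwallet store lives at the KF5 path ~/.local/share/kwalletd.

```apparmor
# Added illustration, not a profile from this thread. One profile that every
# interactive process inherits; it refuses to execute anything from
# world-writable or home directories and refuses access to key stores.
# Attachment point (/bin/bash), directory list and kwalletd path are
# assumptions made for the example.

#include <tunables/global>

/bin/bash {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/nameservice>

  # System binaries may run. Pix means: switch to a dedicated profile named
  # after the binary if one is loaded (for instance an ssh profile that is
  # allowed to read ~/.ssh, or a sudo profile that grants an unconfined
  # shell), otherwise inherit this profile so children stay confined.
  /{,usr/}bin/**       Pix,
  /{,usr/}sbin/**      Pix,
  /usr/lib{,32,64}/**  Pix,
  /opt/**              Pix,

  # Shared libraries need mmap-as-executable; grant it only under the
  # system library trees (and /opt, an assumption for third-party software).
  /{,usr/}lib{,32,64}/** mr,
  /opt/**                mr,

  # Everything else stays governed by ordinary DAC. No 'x' and no 'm'
  # here, so files outside the trees above can be read and written but
  # neither executed nor mapped executable.
  /** rwkl,

  # Deny rules take precedence over allow rules, so these hold even though
  # /opt/** and /** are matched above. A bare 'x' is valid only in deny
  # rules; 'audit' makes every refusal show up in the kernel log.
  audit deny /tmp/**      mx,
  audit deny /var/tmp/**  mx,
  audit deny /dev/shm/**  mx,
  audit deny @{HOME}/**   mx,

  # Key material and keyrings: no read, mmap, write, lock or link.
  audit deny @{HOME}/.ssh/**                  mrwkl,
  audit deny @{HOME}/.gnupg/**                mrwkl,
  audit deny @{HOME}/.local/share/kwalletd/** mrwkl,
}
```

Two practical notes. First, load it in complain mode (`aa-complain /etc/apparmor.d/bin.bash`, or `flags=(complain)` on the profile header) and watch for `apparmor="DENIED"` lines in the kernel log for a while before enforcing; a login shell touches far more than one expects. Second, because Pix falls back to inheriting this profile, programs that legitimately need the denied paths (ssh, gpg, kwalletd, and sudo for the "unrestricted shell" escape hatch) each need their own loaded profile, otherwise they are confined like everything else and the denies above apply to them too.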