I don't know how the Sabayon build system works, but why not just build
an image with full hardening and distribute it as an optional
sabayon-hardened.iso? Without a pax kernel, you'll probably be okay on
all video hardware and any breakage will happen at compile time, not
when the end user tries to run things.
--Tony
On 03/13/2012 02:50 PM, Mitch Harder wrote:
Thanks for the feedback. We appreciate your review of our approach.
On Tue, Mar 13, 2012 at 1:19 PM, Anthony G. Basile <[email protected]> wrote:
1) glibc needs to be compiled with USE=hardened to apply some necessary
patches, and it needs to be compiled with a hardened compiler to get
-D_FORTIFY_SOURCES=2. So the toolchain (gcc/glibc/binutils) must be
compiled and then recompiled with USE=hardened.
Right, sorry I wasn't clear about that.
Hardening the toolchain (gcc/glibc/binutils) should be a single step.
2) If the entire system is not compiled hardened, then the system libraries
will lack the security from hardening. Why bother then with hardening at
all?
This is a very important question that is still unclear for me.
My premise is that:
We can achieve a worthwhile increase in security by selectively hardening
Sabayon (hardened toolchain, hardened suid binaries, on a standard
kernel).
From here, we will be in a position to selectively harden other
categories of packages (such as @system, LAMP, etc...).
Desktop (such as full Gnome and KDE) and Multimedia will probably be
last (and may be a ways down the road).
I have a supporting premise that, eventually, nearly all packages will
support being built hardened.
If these premises are incorrect, then this approach to hardening may
not be worthwhile.
And, again, I appreciate the feedback of the people who have spent
much more time working with hardening.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : [email protected]
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
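The thread above argues about hardening the toolchain and suid binaries on a stock kernel; one way to check whether a package actually came out of that toolchain hardened is to read the ELF markers the compiler and linker leave behind (PIE, RELRO, non-executable stack). The probe below is an added example, not code from this thread or from the Sabayon/Gentoo projects; it parses ELF64 little-endian headers directly and ships with constructed sample images so it needs no toolchain or readelf to run.

```python
"""Probe an ELF64 image for toolchain-level hardening markers."""
import struct

# ELF constants (System V ABI / GNU extensions).
ET_DYN, PT_GNU_STACK, PT_GNU_RELRO, PF_X = 3, 0x6474E551, 0x6474E552, 1


def elf_hardening(data: bytes) -> dict:
    """Return {'pie', 'relro', 'nx_stack'} for a little-endian ELF64 image.

    pie:      e_type == ET_DYN (position-independent executable)
    relro:    a PT_GNU_RELRO segment is present (-Wl,-z,relro)
    nx_stack: PT_GNU_STACK present and not executable (-Wl,-z,noexecstack)
    """
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_type = struct.unpack_from("<H", data, 16)[0]       # e_type at offset 16
    e_phoff = struct.unpack_from("<Q", data, 32)[0]      # e_phoff at offset 32
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    flags = {"pie": e_type == ET_DYN, "relro": False, "nx_stack": False}
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            flags["relro"] = True
        elif p_type == PT_GNU_STACK:
            flags["nx_stack"] = not (p_flags & PF_X)
    return flags


def probe_file(path: str) -> dict:
    """Convenience wrapper for a real binary on disk (e.g. a suid helper)."""
    with open(path, "rb") as fh:
        return elf_hardening(fh.read())


def build_sample_elf(e_type: int, phdrs: list) -> bytes:
    """Construct a header-only ELF64 image (constructed test data, not a real binary).

    phdrs is a list of (p_type, p_flags) pairs; all other fields are zero.
    """
    e_ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9   # class=64, data=LE, version=1
    phoff, phentsize = 64, 56
    hdr = e_ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, phoff, 0,
                                0, 64, phentsize, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return hdr + body


if __name__ == "__main__":
    # Constructed images: a hardened-style PIE with RELRO and RW stack, and a plain one.
    print(elf_hardening(build_sample_elf(ET_DYN, [(PT_GNU_RELRO, 4), (PT_GNU_STACK, 6)])))
    print(elf_hardening(build_sample_elf(2, [(PT_GNU_STACK, 7)])))
```

FORTIFY_SOURCE leaves no program-header marker; verifying it means looking for the `__*_chk` symbols in the dynamic symbol table, which this probe deliberately does not attempt.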