On Thu, 5 Aug 2004 15:14:19 -0700, Jacob Meuser <[EMAIL PROTECTED]> wrote: > If it doesn't break the apps you want to use, it would prbably be > useful. Note the last line of the Project Goals, "These solutions > will be available in Gentoo once they've been tested for security > and stability by the Hardened team." > > In OpenBSD, these things are there by default. They are tested and > they work. They are part of the default install, and if there are > problems, they are fixed. I wonder how much support you'd get if > say, you install mozilla, or kde, and it doesn't work on hardened > gentoo, but it does work without the hardened stuff.
I would be curious to see the difference in performance between the hardened gentoo and a plain vanilla install that's been secured to adequate standards (no xinetd running wideopen, a standard firewall, smtpd basics etc.). And or OpenBSD vs. FreeBSD 4.10 vs. Slackware vs. Debian It seems like there would be some performance hit for more advanced features (like ACL's for instance) and possibly for some of the relatively basic things (if it takes 3 times longer to open a file under one regime, that's a severe hit for some applications). What would be the variables that could be tested that would tell you something worthwhile? partial list: 1. read/write speed (also open, close, and sync) 2. speed to respond to a network request ( how many requests/second before failure) 3. speed of opening network sockets ( how many open, write, close cycles in a given t) 4. speed of performing a standard numeric benchmark 5. fork and exec benchmark (how fast, how many, privilege checking) Of course to be at all meaningful all other variable would need to be constrained... It would be somewhat interesting way to compare OS's if we could count on having a standard reference box available it might be a good clinic project. -- http://Zoneverte.org -- information explained Do you know what your IT infrastructure does? _______________________________________________ EUGLUG mailing list [EMAIL PROTECTED] http://www.euglug.org/mailman/listinfo/euglug
