Home page logo
/

basics logo Security Basics mailing list archives

Re: Linux Distribution Recomendation
From: Vincent <pros-n-cons () bak rr com>
Date: Thu, 4 Mar 2004 20:17:47 -0800

On Thu, 04 Mar 2004 10:44:05 +0100
peter () devbox adamantix org (Peter Busser) wrote:

I wonder how much of a performance hit you would call significant. Personally,
I do not notice a performance difference between a PaX kernel and a non-PaX
kernel. With the segmentation based protection, the performance impact is
estimated at 2%.

And then, even if you are right, and the performance impact is indeed
significant (let's say 20%). Then you just wait 6 months, for the same price
you will get a 20% faster CPU that will compensate for the impact. If you
cannot wait 6 months, you simply pay a hundred bucks more now. A small
investment that really pays off, once you realise how much a successful
breakin and the resulting downtime costs.

It should be noted that systems like RSBAC (which is used in Adamantix) and
SELinux are as secure as the kernel is. The recent list of Linux kernel exploits
show that this security is not exactly perfect. So don't expect miracles from
systems like that, even though some people would like to make you believe
otherwise.

Groetjes,
Peter Busser


Fair enough, significant was the wrong word, I was trying to recall what I
learned between you and Ingo from the debian-devel list a few months back.
Now I see it was the VM issue and full compatibility that still had hurdles.

So the point that security almost always asks for something in return holds true
to some degree.

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]