Date: Mon, 24 Aug 2015 09:26:58 -0700
Message-ID: <CAAgxajG4_R8oG-kmkGQ76pPSU38CECzzngLQ=WSTJaFOGDT0cA@mail.gmail.com>
From: Apple Apple <djjdjdjdjdjdjd32@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] What's to be Done

It's not a Debian-specific problem. Even "Security Conscious" distros like
Fedora only build a dozen or so key packages with pic and ssp because of
performance concerns. Address sanitizer is obviously out of the question.

Then of course Linux does not have proper ASLR without 3rd-party kernel
patches anyway, making pie pretty pointless.

There is a good article out there on why RSBAC does not use LSM. I
recommend you read it if you do not understand the current security vs.
performance dynamic within Linux. You should also read up on the history of
PaX and ask why it is not in the mainline Linux tree.

For whoever asked about previous Debian-specific attempts, I suggest you
look into a project called mempo, now defunct of course.

Given what I've said above, we return to my original point. No mainstream
distro, especially Debian, is willing to pay the cost (mostly performance)
for adding meaningful security. If your plan is to try to bulldoze all this
stuff into Debian testing, that's not going to work...

