Delivery-Date: Mon, 24 Aug 2015 14:34:07 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 5493E1E1060;
	Mon, 24 Aug 2015 14:34:05 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 868243731C;
	Mon, 24 Aug 2015 18:33:59 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 1E9A5372B2
 for <tor-talk@lists.torproject.org>; Mon, 24 Aug 2015 18:33:47 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id b-xpLO2A0QVX for <tor-talk@lists.torproject.org>;
 Mon, 24 Aug 2015 18:33:47 +0000 (UTC)
Received: from mx.dvllc.co (mx.dvllc.co [104.238.144.106])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mx.dvllc.co",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id E664D37314
 for <tor-talk@lists.torproject.org>; Mon, 24 Aug 2015 18:33:46 +0000 (UTC)
X-Greylist: delayed 393 seconds by postgrey-1.34 at eugeni;
 Mon, 24 Aug 2015 18:33:46 UTC
Received: from mx.dvllc.co (localhost [127.0.0.1])
 by mx.dvllc.co (OpenSMTPD) with ESMTP id f4d97ab3
 for <tor-talk@lists.torproject.org>;
 Mon, 24 Aug 2015 11:27:04 -0700 (PDT)
Received: from localhost (172-7-164-197.lightspeed.sndgca.sbcglobal.net
 [172.7.164.197]) by mx.dvllc.co (OpenSMTPD) with ESMTPS id 63587444
 TLS version=TLSv1/SSLv3 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256 verify=NO
 for <tor-talk@lists.torproject.org>;
 Mon, 24 Aug 2015 11:27:04 -0700 (PDT)
Received: by localhost (OpenSMTPD) with ESMTPS id 76b54bd5
 TLS version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO
 for <tor-talk@lists.torproject.org>;
 Mon, 24 Aug 2015 11:27:03 -0700 (PDT)
To: tor-talk@lists.torproject.org
References: <d577fdcf7971a1f4df14c3044b172b5a@openmailbox.org>
 <CAAgxajE8WRoz3hAZrVLL4H2OoaXnLG094XJR-4cgKoV_vjt=nA@mail.gmail.com>
 <CAKkunMaTLJpRrJZhO-ES+qXQmNYLBkuJ3A3PH=jX3tYTr8hS1g@mail.gmail.com>
 <CAFggDF0LSc9qPTtE5qb0tMEtGLsrJayG-djuD0wyGavhcQuHWw@mail.gmail.com>
 <CAAgxajG4_R8oG-kmkGQ76pPSU38CECzzngLQ=WSTJaFOGDT0cA@mail.gmail.com>
Date: Mon, 24 Aug 2015 11:26:59 -0700
MIME-Version: 1.0
From: Seth <list@sysfu.com>
Message-ID: <op.x3vxi9rmbgbjo9@work-pc.lan>
In-Reply-To: <CAAgxajG4_R8oG-kmkGQ76pPSU38CECzzngLQ=WSTJaFOGDT0cA@mail.gmail.com>
User-Agent: Opera Mail/1.0 (Win32)
Subject: Re: [tor-talk] What's to be Done
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Mon, 24 Aug 2015 09:26:58 -0700, Apple Apple  
<djjdjdjdjdjdjd32@gmail.com> wrote:

> It's not a Debian specific problem. Even "Security Conscious" distros  
> like
> Fedora only build a dozen or so key packages with pic and ssp because of
> performance concerns. Address sanatizor is obviously out of the question.
>
> Then of course Linux does not have proper ASLR without 3rd party kernel
> patches anyway making pie pretty pointless.
>
> There is a good article out there on why rsbac does not use lsm, I
> recommend you read it if you do not understand the current security vs
> performance dynamic within Linux. You should also read up on the history  
> of
> Pax and ask why it is not in the mainline Linux tree.
>
> For whoever asked about previous Debian specific attempts I suggest you
> look into a project called mempo, now defunct of course.
>
> Given what I've said above we return to my original point. No mainstream
> distro, especially Debian, is willing to pay the cost (mostly  
> performance)
> for adding meaningful security. If your plan is to try to bulldoze all  
> this
> stuff into Debian testing, that's not going to work...

I'm curious if any one on the list is able to determine how many of the  
above issues have already been addressed by the OpenBSD project.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

