On Mon, Jan 23, 2012 at 8:23 PM, Gerald Pfeifer <gp(a)suse.com> wrote:
> On Mon, 23 Jan 2012, Claudio Freire wrote:
> again, breaking people's systems that have been running fine for
> years? That's a big risk that I don't think you want to take...
case, it's worth the try.
> Cui bono? The average openSUSE user will be very annoyed, up to
> the point of considering a different distribution if something she
> cares about breaks. Really, often it's just one thing not working,
> or even not working well. And even if there is a workaround, and
> she does not switch, such an experience certainly does not add
The point is to make everything on the distribution DVD and/or main
repo work. Granted, it's easier said than done.
For those not too familiar with randomization and position-independent
code, all libraries (.so) already use position-independent code. Much
(and I mean the great majority) of application code does not care
which kind of code is being generated, and only a few cases exist that
would break, which includes applications that generate
position-dependent machine code at run-time (older JITs), or other
code that does non-standard stuff. Most C code just works, and making
it position-independent or not is just a matter of compiler flags.
Randomization of program addresses helps make the attacker's work of
successfully exploiting an existing vulnerability harder (not
impossible). Position-independent code *without* randomization,
however, is easier to attack than position-dependent code. That's
because position-independent code opens up a whole class of remote
code execution exploits that would be hard (not impossible) to
accomplish with fixed-address code if the execute-disable bit is used
on data pages (which are all PAE-enabled kernels).
So randomization is a very significant security feature. Some exploits
are trivial without randomization, but become impossible or very hard
with randomization. And this means, in the presence of
vulnerabilities, that is, unpatched systems. So it's a good thing.
Very good thing. And it's unlikely to break a lot of stuff, anything
BSD-compatible would have to run with randomization for instance.
> I am generally very much in favor of security. This,
> not straightforward at all. Let's keep in mind that anyone on this
> list is _not_ an average openSUSE user!
> Why not make this a setting in the YaST Security and Hardening
This is a very good transitional release option. Ie: for the first
release with randomization, make it an opt-in feature (perhaps ask at
install time?). That would allow some time for extensive testing and,
when the next release makes it the default, would allow users to just
turn it on on their existing installation to check that everything
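The thread above turns on the difference between a fixed-address executable and a position-independent one (PIE), which the ELF header records directly: a non-PIE program is ET_EXEC, a PIE (like any shared object) is ET_DYN. The script below is an added example written for this page, not code from the thread or from openSUSE, that reads those header fields and sorts a binary into one of the three kinds, which is the check one would run over a distribution's DVD contents to see what has actually been built with randomization-capable code. The helper names (`classify`, `make_elf64`, the `SAMPLE_*` images) are invented here; the sample ELF images are constructed in-script from the ELF64 layout and are not loadable programs. Telling a PIE apart from an ordinary library is a heuristic (presence of a PT_INTERP program header), and the comments note the known exceptions.

```python
"""Tell fixed-address executables from position-independent ones by
reading the ELF header.  Added example for this thread; the helper
names (classify, make_elf64, ...) are made up here, not openSUSE code."""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3          # e_type: fixed-address exe / PIE or .so
PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_PHDR = 1, 2, 3, 6


def _header_fields(data):
    """Return (endian, e_type, e_phoff, e_phentsize, e_phnum)."""
    if len(data) < 52 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_data not in (1, 2):
        raise ValueError("unknown ELF data encoding")
    endian = "<" if ei_data == 1 else ">"
    e_type = struct.unpack_from(endian + "H", data, 16)[0]
    if ei_class == 2:       # ELF64 layout: phoff at 32, phentsize/phnum at 54/56
        (e_phoff,) = struct.unpack_from(endian + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 54)
    elif ei_class == 1:     # ELF32 layout: phoff at 28, phentsize/phnum at 42/44
        (e_phoff,) = struct.unpack_from(endian + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 42)
    else:
        raise ValueError("unknown ELF class")
    return endian, e_type, e_phoff, e_phentsize, e_phnum


def _has_phdr(data, endian, phoff, phentsize, phnum, wanted):
    """True if any program header has p_type == wanted (p_type is the
    first 4 bytes of every entry in both ELF32 and ELF64)."""
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            raise ValueError("truncated program header table")
        if struct.unpack_from(endian + "I", data, off)[0] == wanted:
            return True
    return False


def classify(data):
    """'fixed-address executable', 'PIE executable', 'shared object' or 'other'.

    PIE vs. plain .so is a heuristic: a PIE asks for a dynamic loader via
    PT_INTERP, an ordinary library does not.  Known exceptions: libc.so.6
    (a library that is also directly runnable) and static-pie binaries."""
    endian, e_type, phoff, phentsize, phnum = _header_fields(data)
    if e_type == ET_EXEC:
        return "fixed-address executable"
    if e_type == ET_DYN:
        if _has_phdr(data, endian, phoff, phentsize, phnum, PT_INTERP):
            return "PIE executable"
        return "shared object"
    return "other (e_type=%d)" % e_type


def make_elf64(e_type, phdr_types):
    """Construct a minimal little-endian x86-64 ELF image (header plus a
    table of empty program headers) as test input.  Not a loadable program."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELF64, LE, v1, SysV ABI
    hdr = ident + struct.pack("<HHIQQQIHHHHHH",
                              e_type, 62, 1, 0,      # e_type, EM_X86_64, version, entry
                              64, 0, 0,              # phoff (right after header), shoff, flags
                              64, 56, len(phdr_types), 64, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0)
                     for t in phdr_types)
    return hdr + phdrs


# Constructed samples mirroring what a linker emits with and without -fPIE -pie.
SAMPLE_FIXED = make_elf64(ET_EXEC, [PT_PHDR, PT_INTERP, PT_LOAD, PT_DYNAMIC])
SAMPLE_PIE = make_elf64(ET_DYN, [PT_PHDR, PT_INTERP, PT_LOAD, PT_DYNAMIC])
SAMPLE_SHARED = make_elf64(ET_DYN, [PT_LOAD, PT_DYNAMIC])


if __name__ == "__main__":
    # Usage: python elfkind.py /usr/bin/* ; with no arguments, classify the samples.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                head = f.read(1 << 20)   # header and program headers sit at the start
            try:
                print("%-40s %s" % (path, classify(head)))
            except (ValueError, OSError) as e:
                print("%-40s skipped (%s)" % (path, e))
    else:
        for name, img in (("fixed", SAMPLE_FIXED), ("pie", SAMPLE_PIE),
                          ("shared", SAMPLE_SHARED)):
            print(name, "->", classify(img))
```

The same distinction is what `readelf -h some_binary` reports in its `Type:` line (`EXEC` for a fixed-address executable, `DYN` for a PIE or shared object); the script is only handy for sweeping a whole directory of binaries at once. Note that an ET_DYN executable is merely randomization-capable: whether its load address is actually randomized at run time is decided by the kernel's `kernel.randomize_va_space` sysctl, so a check like this says what was built, not what a given installation is running with.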
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org