Thread: Fedora 20 Will Have A Security/Performance Change

  1. #1
    Join Date
    Jan 2007
    Posts
    14,353

    Phoronix: Fedora 20 Will Have A Security/Performance Change

    With Fedora 19 being released soon, the Fedora Engineering and Steering Committee has begun evaluating potential changes/features for Fedora 20. One of the features that was approved today is a build change for the RPMs that can yield greater code security but at the potential cost of performance...

    http://www.phoronix.com/vr.php?view=MTM5NjQ

  2. #2
    Join Date
    Dec 2011
    Posts
    2,006

    Maybe they could run -fstack-protector-all on the alphas and betas.
    Then run -fstack-protector-strong or disable it on the final release.

    Then they catch the security vulnerabilities during testing.

  3. #3
    Join Date
    Mar 2013
    Posts
    46

    Quote: Originally Posted by uid313
        Maybe they could run -fstack-protector-all on the alphas and betas.
        Then run -fstack-protector-strong or disable it on the final release.

        Then they catch the security vulnerabilities during testing.

    To be clear, this is to find vulnerabilities in packages when they are installed, not in Fedora itself. It's a change in how RPM would work, not how the distro itself is built. So while that might be useful for finding vulnerabilities in various packages, it's not directly related to releasing Fedora 20.

  4. #4
    Join Date
    Sep 2012
    Posts
    650

    Quote: Originally Posted by tga.d
        To be clear, this is to find vulnerabilities in packages when they are installed, not in Fedora itself. It's a change in how RPM would work, not how the distro itself is built. So while that might be useful for finding vulnerabilities in various packages, it's not directly related to releasing Fedora 20.

    Well that's not clear at all. -fstack-protector-strong is a gcc flag that adds stack cookies on compiled code, so that when and where a buffer overflow would be happening, the application crashes instead. Definitely a change in how the distro is built, and it's not there to "find" vulnerabilities but protect from them at run time.
    And as they plan to rebuild all packages with this flag only for Fedora 20, it's quite related to this release.

  5. #5
    Join Date
    Mar 2013
    Posts
    46

    Quote: Originally Posted by erendorn
        Well that's not clear at all. -fstack-protector-strong is a gcc flag that adds stack cookies on compiled code, so that when and where a buffer overflow would be happening, the application crashes instead. Definitely a change in how the distro is built, and it's not there to "find" vulnerabilities but protect from them at run time.
        And as they plan to rebuild all packages with this flag only for Fedora 20, it's quite related to this release.

    Maybe I worded it poorly, but that was my point. In particular,

        One of the features that was approved today is a build change for the RPMs that can yield greater code security but at the potential cost of performance.

        The change that was approved today is a GCC flag change for now using "-fstack-protector-strong" on building Fedora RPM packages rather than just the "-fstack-protector" argument.

    As in, it's something you want for the applications you have installed. Testing Fedora itself (what I meant by "releasing Fedora") isn't the main intention of this - other than measuring performance, of course. In any case, at least where I learned coding, crashing a program is never desired behavior, but debugging behavior, which is why I said it's used to find vulnerabilities. As in, if the program ever crashes, something is wrong, and you should file a bug report.
