[Eug-lug] Gentoo hardened

larry price laprice at gmail.com
Thu Aug 5 15:55:52 PDT 2004


On Thu, 5 Aug 2004 15:14:19 -0700, Jacob Meuser <jakemsr at jakemsr.com> wrote:
> If it doesn't break the apps you want to use, it would probably be
> useful.  Note the last line of the Project Goals, "These solutions
> will be available in Gentoo once they've been tested for security
> and stability by the Hardened team."
> 
> In OpenBSD, these things are there by default.  They are tested and
> they work.  They are part of the default install, and if there are
> problems, they are fixed.  I wonder how much support you'd get if
> say, you install mozilla, or kde, and it doesn't work on hardened
> gentoo, but it does work without the hardened stuff.

I would be curious to see the difference in performance between the
hardened gentoo and a plain vanilla install that's been secured to
adequate standards (no xinetd running wide open, a standard firewall,
smtpd basics etc.).

And/or OpenBSD vs. FreeBSD 4.10 vs. Slackware vs. Debian

It seems like there would be some performance hit for more advanced
features (like ACLs for instance) and possibly for some of the
relatively basic things (if it takes 3 times longer to open a file
under one regime, that's a severe hit for some applications).

What would be the variables that could be tested that would tell you
something worthwhile?

partial list:
1. read/write speed (also open, close, and sync)
2. speed to respond to a network request (how many requests/second
before failure)
3. speed of opening network sockets (how many open, write, close
cycles in a given t)
4. speed of performing a standard numeric benchmark
5. fork and exec benchmark (how fast, how many, privilege checking)

Of course to be at all meaningful all other variables would need to be
constrained...

It would be a somewhat interesting way to compare OS's
if we could count on having a standard reference box available
it might be a good clinic project.

-- 
http://Zoneverte.org -- information explained
Do you know what your IT infrastructure does?
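
Items 1 and 5 of the partial list above (open/close, fork and exec), as an added example that is not part of the original message: a small C harness that reports mean per-call latency, so the same binary can be run on a hardened and a non-hardened install of the same box. The paths `/etc/passwd` and `/bin/true` are assumptions.

```c
/* Added example, not from the original post. Paths in main() are assumptions. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static double now_sec(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);   /* monotonic: immune to clock steps */
    return ts.tv_sec + ts.tv_nsec / 1e9;
}

/* Mean seconds per open()+close() of `path`, or -1.0 on failure. */
double bench_open_close(const char *path, int iters) {
    if (iters <= 0) return -1.0;
    double t0 = now_sec();
    for (int i = 0; i < iters; i++) {
        int fd = open(path, O_RDONLY);     /* permission/ACL checks happen here */
        if (fd < 0) return -1.0;
        close(fd);
    }
    return (now_sec() - t0) / iters;
}

/* Mean seconds per fork()+exec()+wait() of `prog`, or -1.0 on failure. */
double bench_fork_exec(const char *prog, int iters) {
    if (iters <= 0) return -1.0;
    double t0 = now_sec();
    for (int i = 0; i < iters; i++) {
        pid_t pid = fork();
        if (pid < 0) return -1.0;
        if (pid == 0) { execl(prog, prog, (char *)NULL); _exit(127); }
        int status;
        if (waitpid(pid, &status, 0) < 0) return -1.0;
        /* 127 is the child's marker for "exec failed" */
        if (!WIFEXITED(status) || WEXITSTATUS(status) == 127) return -1.0;
    }
    return (now_sec() - t0) / iters;
}

int main(void) {
    printf("open+close: %.2f us\n", bench_open_close("/etc/passwd", 100000) * 1e6);
    printf("fork+exec : %.2f us\n", bench_fork_exec("/bin/true", 1000) * 1e6);
    return 0;
}
```

Run it several times on an otherwise idle machine and compare medians; a single run is dominated by cache and scheduler noise.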

