man, 03 07 2006 kl. 12:30 +0800, skrev Trent Lloyd:
> 2) Application Secrurity Vulnerability
Easy, security issues are bugs which we should fix and mitigate risks by
deploying proactive security. Why do you think I've been banging on
about proactive security since the Hoary cycle. Not only does it cut
down the exploitable security holes by around 50% but it allows us the
comfort of knowing that any networked service or program is jailed
There should be little if any real risk by enabling features like
ZeroConf (which makes the system work smoother in a networked
environment and users like that) if we simply targeted proactive
security as a concern.
Sometimes it's a cost-benefit situation, I mean the internet is filled
with dangers, do we disable eth0 because of it?
We have to take security seriously but the stance that we should never
make the system easier and more fun to use because of security is
The only truly secure computer is one that's off at all times, but
that's hardly of any use now is it?
So what's the problem with enabling SELinux*, FORTIFY_SOURCE, ProPolice,
Exec-shield and some nice randomzation - there are plenty of tricks we
can deploy at near zero cost and Fedora have been nice enough to test
and fix up the system of the past 5 releases so the issues we should
encounter by enabling these features would be minimal at best. We can do
this for Edgy Eft if the will exists. Come people!
* SELinux might require a cycle to be enabled but the rest would be fine
for Edgy if we flipped the switch today.
ubuntu-devel mailing list