Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Newbie and I have some questions on Gentoo Security (Solved)
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Amputaatio
n00b
n00b


Joined: 03 Mar 2017
Posts: 6

PostPosted: Thu Mar 09, 2017 3:23 am    Post subject: Newbie and I have some questions on Gentoo Security (Solved) Reply with quote

Quick questions I have:
Does compiling things from source make your system have more security than for instance installing binary packages like in Arch Linux?


Also does getting rid of certain use flags when installing a package radically improve security or it is such a small difference which does not matter much?


Last edited by Amputaatio on Thu Mar 09, 2017 11:55 am; edited 3 times in total
Back to top
View user's profile Send private message
ct85711
Veteran
Veteran


Joined: 27 Sep 2005
Posts: 1691

PostPosted: Thu Mar 09, 2017 3:44 am    Post subject: Reply with quote

Quote:
Does compiling things from source make your system have more security than for instance installing binary packages like in Arch Linux?

Well, for this it helps in that the package's dependencies get updated, reducing potential security vulnerability. While binary packages may have some of the dependencies included with the package (often old versions, for simplicity reasons). An good example of this problem is heartbleed in openssl. Numerous packages use openssl, and it's been an ongoing battle in that some packages haven't updated the included copy of openssl that may be vulnerable to it.

Quote:
Also does getting rid of certain use flags when installing a package radically improve security or it is such a small difference which does not matter much?

Removing unnecessary USE flags has the potential of reducing the chance for vulnerability. This is done by only included the necessary dependencies. What I am meaning is that some USE flags toggle some optional dependencies depending on if it is on or not (this is not always the case, it depends on the package). The one thing you need to keep in mind is that USE flags also restricts some possible capabilities in the program.
Back to top
View user's profile Send private message
Amputaatio
n00b
n00b


Joined: 03 Mar 2017
Posts: 6

PostPosted: Thu Mar 09, 2017 6:19 am    Post subject: Reply with quote

Thanks for the response. That makes a lot of sense. I accidently left some information out on my second question. I deleted it and rewrote it below. My bad silly me :lol:

What I meant to say is if I am running the Hardened profile with GRsec is it really worth it or is just running the regular profile with GRsec basically the same thing.
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 42563
Location: 56N 3W

PostPosted: Thu Mar 09, 2017 9:13 am    Post subject: Reply with quote

Amputaatio,

The hardened profile won't get you much hardening on its own. You need the hardened kernel too.

Is it worth it?
That all depends on the threats you want to defend against.

Security starts with looking at your threats, then deploying measures to defend against those threats.
e.g. You are worried about the NSA getting your secrets. They will bypass any and all defences and take you and your PC away and beat your secrets out of you.
You want to defend against leaving your laptop on a train. Encrypt your hard drive. This is only useful while the system is powered off.

Not running things you don't need to reduces your attack surface. Not running optional parts of packages you do need reduces your attack surface too.
You need to build your own for that. Gentoo helps.

Security is like the layers of an onion. It make it hard but never say impossible for an attacker.
The more you have, the more intrusive it becomes to your use of the system.
e.g. Not connecting to the internet is good for security but its unlikely you would tolerate that.

Choose the right defences to match your perceived threat and only deploy those defences you are willing to tolerate interfering or changing your workflow.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

PostPosted: Thu Mar 09, 2017 9:17 am    Post subject: Reply with quote

Amputaatio wrote:
What I meant to say is if I am running the Hardened profile with GRsec is it really worth it or is just running the regular profile with GRsec basically the same thing.

Amputaatio ... they are not the same thing, a hardened profile will restrict things/useflags like JIT (jit, luajit, etc) which either won't function under grsec, or can be considered requiring disabling as part of 'hardening'. Other useflags, like urandom, are also enabled with the hardened profile, and some config files (like syslog-ng.conf) are different when USE="hardened" is set. These could of course be enabled with a non-hardended profile, but a profile is the general mechanism for getting these features enabled/disabled.

best ... khay
Back to top
View user's profile Send private message
Amputaatio
n00b
n00b


Joined: 03 Mar 2017
Posts: 6

PostPosted: Thu Mar 09, 2017 11:53 am    Post subject: Reply with quote

Thanks for the responses Got the information I needed. Edited the title to "solved"
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum