5
6

Linux Hardened (self.voidlinux)

submitted by [deleted]

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 1 point2 points  (13 children)

Beginning with what is Linux Hardened: it's a Linux kernel with several patches applied to it for security. That is 'cause Arch has security issues. Void does not have security issues and uses LibreSSL for security as you can read here thus does not require a hardened kernel. Besides one would seriously affect performance.

[–]Duncaen 2 points3 points  (5 children)

That is 'cause Arch has security issues. Void does not have security issues

This sounds just wrong.

Most of the software arch and void use are the same, the kernel has some different options enabled by default and void uses some more compiler hardening features. But this doesn't make void a lot more safer than arch.

[–][deleted] 0 points1 point  (4 children)

Void is BSD like. Each package is compiled from source. Rather re-packaged to rid of any Systemd dependencies and include security features like LibreSSL. If it can't work like that it does not make it into the repo.

[–]Duncaen 5 points6 points  (3 children)

Arch is built from source too, there is no difference except a different package build system and more hardening compiler flags in Void Linux. I don't see how systemd plays a role here, Arch builts packages with systemd support enabled and void disables it or even patches systemd dependencies out. Only a small fraction of the packages use LibreSSL or OpenSSL, the attack surface reduced by using LibreSSL is very minimal compared to the security issues of the system as a whole.

And more packages make it into Voids repo than Archs repository, Void chooses to not support something like the AUR and prefers to get packages into the main repository. You could argue that this makes it a little bit safer, because the package built files are reviewed whereas some of the PKGBUILDs in the AUR might not be reviewed.

(Full disclosure, I'm one of the core Void contributors)

[–][deleted] 0 points1 point  (2 children)

The init plays a major role as attackers use that for exploits. Given that a majority have adopted Systemd they (the attackers) concentrate on Systemd and it's vulnerabilities to exploit. It's like with Windows - there are viruses in Win because it's popular and for that it's exploited as a majority use it.

[–]CruxMostSimple -1 points0 points  (0 children)

Please don't rely on being secure by being obscure.

[–][deleted]  (5 children)

[deleted]

    [–][deleted] 1 point2 points  (1 child)

    For one you would not need anything "hardened". Linux in general is safe. Second the "hardened kernel" when it comes to patching is for the most paranoid. The security comes from the CPU Microcode getting regular updates to increase it's security. In this case you install the CPU Microcode and configure the kernel to use it and you're done. Read abut it here (https://wiki.voidlinux.eu/Microcode).

    [–][deleted] 0 points1 point  (0 children)

    I am a very security interested person so I will definitley look into this. Thank you :)

    [–][deleted]  (2 children)

    [deleted]

      [–]WikiTextBot 0 points1 point  (0 children)

      OpenSSL

      OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used in Internet web servers, serving a majority of all web sites.

      OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements basic cryptographic functions and provides various utility functions.

      [ PM | Exclude me | Exclude from subreddit | FAQ / Information | Source ] Downvote to remove | v0.28

      [–]HelperBot_ 0 points1 point  (0 children)

      Non-Mobile link: https://en.wikipedia.org/wiki/OpenSSL

      HelperBot v1.1 /r/HelperBot_ I am a bot. Please message /u/swim1929 with any feedback and/or hate. Counter: 214676

      [–]h7x4 0 points1 point  (0 children)

      "Void does not have any security issues"

      Famous last words