HLFS 64bit again

goodoldmarty at gmail.com goodoldmarty at gmail.com
Wed Dec 5 07:25:27 PST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> After spending almost a month trying to build a secure 64bit system I
> begin to wonder why, will it be more secure than a 32bit system?
> (will it be less vulrable to buffer overflows due to the larger buffers???)

Maybe a 128 bit system would be better?
Do you own 64 bit applications that won't run on a 32 bit system?

Linux was designed as a 32 bit OS. It is patched to provide a migratory
path to 64 bit. Until 64 bit CPU boards are available (not dual 32 bit)
a 64 bit system is a joke. If you embrace the phallic "bigger is better"
concept you are certainly wasting your time. To put that in perspective,
I manually build/boot the HLFS book in < 24 hours for my 32 bit systems.

The toolchain patches, GRsecurity, and PAX, are the security
enhancements that harden the system. Buffers only get protected from
overflow if you apply the necessary patches. When you omit, or defeat
these things (-fno-pic -fno-pie -fno-something else) you gain no
desirable protections.

What you are trying to build will probably have more bugs, be less
secure, and possibly run slower, than the mainstream 32 bit build.

Marty B



- --
Putting Microsoft in a computer is like putting screen doors in a
submarine. Hopeless.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFHVsLnodd/GHZYnVQRAiUtAJ9iJ7goN61OgWMcK1SY/KAH/qiITQCgyyRU
v0qjSnp0yQDhvxZQ4MxVj8o=
=Rgzh
-----END PGP SIGNATURE-----



More information about the hlfs-dev mailing list