On Wed, Nov 07, 2018 at 07:34:57PM +0300, Kihaguru Gathura wrote: > Hi, > > > On Wednesday, November 7, 2018, Nick Holland <[email protected]> > wrote: > > On 11/05/18 23:51, Kihaguru Gathura wrote: > >> Hi, > >> > >> From a security standpoint, > >> which platform will offer better performance > > > > huh? What's your priority, security or performance? > > > > Security is the Priority. > > > If you have one and no budget to buy something ...um... modern, use it. > > I have the PrimePower 250 > > > UltraSPARC will probably give them a bigger surprise. > > Please explain further if possible. > > But if you are > > running web services, you are probably running apps written by someone > > without any idea what they are doing in an interpreted language like > > PHP, and the exact same exploits will take out either platform, because > > the exploits will be at a much higher level than the processor. > > Self written services in C language. >
SPARC64 has thanks to stackghost a good defence against ROP attacks. It is big endian and strict aligned. The IOMMU also give some protection of driver bugs. SUN4U would be able to do execute only pages but SUN4V no longer supports that. In general OpenBSD/sparc64 is a good arch when it comes to being secure. The problem is that there is less and less good hardware around which is beefy enough and so more and more packages fail to build -- there is general less interest in the HW (esp outside OpenBSD). Now OpenBSD/amd64 is also not bad either, fairly important changes were made to make attacks less successful (e.g. Todd Mortimer's LLVM ret-protector). The big benefit of amd64 is that this is the common arch every developer has access to. In the end running OpenBSD gives you as many security features turned on by default as nowhere else. -- :wq Claudio
