PINE64
Security/Musl Question - Printable Version

+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone (https://forum.pine64.org/forumdisplay.php?fid=120)
+--- Forum: PinePhone Software (https://forum.pine64.org/forumdisplay.php?fid=121)
+---- Forum: PostmarketOS on PinePhone (https://forum.pine64.org/forumdisplay.php?fid=124)
+---- Thread: Security/Musl Question (/showthread.php?tid=14709)



Security/Musl Question - publiclewdness - 08-20-2021

Often times I have seen people refer to PostmarketOS as a more secure option than other distros available and usually the reasons revolve around it being based off of Alpine Linux and using Musl. What makes Musl a better choice ? I tried to web search it but mostly get results of people talking about how it is faster or has cleaner code or takes up less space but not about security specifically. How would PostmarketOS stack up against Mobian or Graphene OS in the security department ? All three have full disk encryption as options but past that it gets into territory where people make vague statements but not much explanation.


RE: Security/Musl Question - moonwalkers - 08-21-2021

(08-20-2021, 05:05 PM)publiclewdness Wrote: Often times I have seen people refer to PostmarketOS as a more secure option than other distros available and usually the reasons revolve around it being based off of Alpine Linux and using Musl. What makes Musl a better choice ? I tried to web search it but mostly get results of people talking about how it is faster or has cleaner code or takes up less space but not about security specifically. How would PostmarketOS stack up against Mobian or Graphene OS in the security department ? All three have full disk encryption as options but past that it gets into territory where people make vague statements but not much explanation.

Musl was designed to allow efficient static linking (unlike glibc, which is nigh impossible to link statically against), avoid race conditions, and deal better with resource exhaustion and other worst-case scenarios. Other than static linking, all of these, including cleaner code, generally can also help with improving security.