[gentoo-dev] Secure Gentoo - What do you think?

[gentoo-dev] Secure Gentoo - What do you think?

[Joachim Blaabjerg]

Hi people,

I guess I should start off by introducing myself: I'm a sexteen years old (or
young :]) norwegian student, and the developer/maintainer of the high security
Linux distribution SuxOS (http://www.SuxOS.org). I've used Linux for a few years
now, and run nothing but Linux on all my machines at home.

Recently, I asked mr. Robbins if I could use Portage in SuxOS, and we concluded
with that a collaborative effort would be for the best. I've decided that I
would really like to make a Portage "system profile" for SuxOS, as mr. Robbins
suggested, and work with the Gentoo distribution (mainly Portage) as a base for
SuxOS, effectively creating a security centralized version of Gentoo.

How does this sound to you people?

If any of you have any protests, suggestions, ideas or anything of the like,
please drop me a line (off or on list, your choice). If I get positive response,
I'll start learning the .ebuild files and install Gentoo on one of my machines
(okay, I'll do that anyway... ;]).

Best Regards :)

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Daniel Robbins]

On Mon, 2002-01-07 at 09:13, Joachim Blaabjerg wrote:
> Hi people,
> 
> I guess I should start off by introducing myself: I'm a sexteen years old (or
> young :]) norwegian student, and the developer/maintainer of the high security
> Linux distribution SuxOS (http://www.SuxOS.org). I've used Linux for a few years
> now, and run nothing but Linux on all my machines at home.
> 
> Recently, I asked mr. Robbins if I could use Portage in SuxOS, and we concluded
> with that a collaborative effort would be for the best. I've decided that I
> would really like to make a Portage "system profile" for SuxOS, as mr. Robbins
> suggested, and work with the Gentoo distribution (mainly Portage) as a base for
> SuxOS, effectively creating a security centralized version of Gentoo.
> 
> How does this sound to you people?

I think it's a great idea in every respect.

-- 
Daniel Robbins                                  <drobbins@gentoo.org>
Chief Architect/President                       http://www.gentoo.org 
Gentoo Technologies, Inc.

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Grant Goodyear]

[-- Attachment #1: Type: text/plain, Size: 226 bytes --]

> How does this sound to you people?

Wonderful!  Welcome to the party.  I think you should find your efforts
to be pretty straightforward w/ Gentoo, and we can always use more
people with security experience.

-Grant-

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Geert Bevin]

On Mon, 2002-01-07 at 17:13, Joachim Blaabjerg wrote:
> How does this sound to you people?

This sound very nice indeed !

> If any of you have any protests, suggestions, ideas or anything of the like,
> please drop me a line (off or on list, your choice). If I get positive response,
> I'll start learning the .ebuild files and install Gentoo on one of my machines
> (okay, I'll do that anyway... ;]).

You'll find portage and the ebuild format very flexible and powerful.
Don't hesitate asking questions about anything you have doubts about.

Best regards,

Geert

-- 
Geert Bevin
the Leaf sprl/bvba
"Use what you need"           Pierre Theunisstraat 1/47
http://www.theleaf.be         1030 Brussels
gbevin@theleaf.be             Tel & Fax +32 2 241 19 98

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Tod M. Neidt]

On Mon, 2002-01-07 at 10:13, Joachim Blaabjerg wrote:
 
I think this would be great!

Ditto's to the previous replys.

"Dittohead" tod

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Jano Lukac]

Joachim Blaabjerg said:
> Hi people,

> Recently, I asked mr. Robbins if I could use Portage in SuxOS, and we
> concluded with that a collaborative effort would be for the best. I've
> decided that I would really like to make a Portage "system profile" for
> SuxOS, as mr. Robbins suggested, and work with the Gentoo distribution
> (mainly Portage) as a base for SuxOS, effectively creating a security
> centralized version of Gentoo.

When you write about creating a secure profile, what exactly do you have in
mind?  e.g. package mask all insecure setups, or different pam
configuration files, changing default init-scripts or preventing wrong
programs from running, maybe kernel level options, etc etc.  ??

AW: [gentoo-dev] Secure Gentoo - What do you think?

[Sebastian Werner]

I read his page. It's seems to add string-overflow protections,
grsecurity kernel-patch and some other things.... Look at his page
(www.suxos.org) I think he will merge his technologies with gentoo.
Really cool idea!

Sebastian

-----Ursprüngliche Nachricht-----
Von: gentoo-dev-admin@gentoo.org [mailto:gentoo-dev-admin@gentoo.org] Im
Auftrag von Jano Lukac
Gesendet: Dienstag, 8. Januar 2002 01:33
An: gentoo-dev@gentoo.org
Betreff: Re: [gentoo-dev] Secure Gentoo - What do you think?

Joachim Blaabjerg said:
> Hi people,

> Recently, I asked mr. Robbins if I could use Portage in SuxOS, and we
> concluded with that a collaborative effort would be for the best. I've
> decided that I would really like to make a Portage "system profile"
for
> SuxOS, as mr. Robbins suggested, and work with the Gentoo distribution
> (mainly Portage) as a base for SuxOS, effectively creating a security
> centralized version of Gentoo.

When you write about creating a secure profile, what exactly do you have
in
mind?  e.g. package mask all insecure setups, or different pam
configuration files, changing default init-scripts or preventing wrong
programs from running, maybe kernel level options, etc etc.  ??


_______________________________________________
gentoo-dev mailing list
gentoo-dev@gentoo.org
http://lists.gentoo.org/mailman/listinfo/gentoo-dev

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Mikael Hallendal]

[-- Attachment #1: Type: text/plain, Size: 1551 bytes --]

mån 2002-01-07 klockan 17.13 skrev Joachim Blaabjerg:
> Hi people,

Hi!
 
> Recently, I asked mr. Robbins if I could use Portage in SuxOS, and we concluded
> with that a collaborative effort would be for the best. I've decided that I
> would really like to make a Portage "system profile" for SuxOS, as mr. Robbins
> suggested, and work with the Gentoo distribution (mainly Portage) as a base for
> SuxOS, effectively creating a security centralized version of Gentoo.
> 
> How does this sound to you people?

This sounds very very nice in my ears. I have a few questions though.

Will this work be done on Gentoo or are you planning to use portage
SuxOS?

An interesting thought here would be to have some variable set in
make.conf that if set only lets you install packages from a list of
trusted apps/version. This would be a very flexible solution. Since it
lets you have the exact same operating system on your workstation/server
while having a really secure setup on your server.

> If any of you have any protests, suggestions, ideas or anything of the like,
> please drop me a line (off or on list, your choice). If I get positive response,
> I'll start learning the .ebuild files and install Gentoo on one of my machines
> (okay, I'll do that anyway... ;]).

Let us know if you have any problems.

Otherwise the only thing I have to say, welcome to the Gentoo community!

Regards,
  Mikael Hallendal

-- 
Mikael Hallendal
Gentoo Linux Developer, Desktop Team Leader
CodeFactory AB, Stockholm, Sweden


[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

AW: [gentoo-dev] Secure Gentoo - What do you think?

[Sebastian Werner]

I think it's easier to copy parts of his os to gentoo... then the other
way.

Hope it will be so. 

Sebastian

-----Ursprüngliche Nachricht-----
Von: gentoo-dev-admin@gentoo.org [mailto:gentoo-dev-admin@gentoo.org] Im
Auftrag von Mikael Hallendal
Gesendet: Dienstag, 8. Januar 2002 11:52
An: gentoo-dev@gentoo.org
Betreff: Re: [gentoo-dev] Secure Gentoo - What do you think?

mån 2002-01-07 klockan 17.13 skrev Joachim Blaabjerg:
> Hi people,

Hi!
 
> Recently, I asked mr. Robbins if I could use Portage in SuxOS, and we
concluded
> with that a collaborative effort would be for the best. I've decided
that I
> would really like to make a Portage "system profile" for SuxOS, as mr.
Robbins
> suggested, and work with the Gentoo distribution (mainly Portage) as a
base for
> SuxOS, effectively creating a security centralized version of Gentoo.
> 
> How does this sound to you people?

This sounds very very nice in my ears. I have a few questions though.

Will this work be done on Gentoo or are you planning to use portage
SuxOS?

An interesting thought here would be to have some variable set in
make.conf that if set only lets you install packages from a list of
trusted apps/version. This would be a very flexible solution. Since it
lets you have the exact same operating system on your workstation/server
while having a really secure setup on your server.

> If any of you have any protests, suggestions, ideas or anything of the
like,
> please drop me a line (off or on list, your choice). If I get positive
response,
> I'll start learning the .ebuild files and install Gentoo on one of my
machines
> (okay, I'll do that anyway... ;]).

Let us know if you have any problems.

Otherwise the only thing I have to say, welcome to the Gentoo community!

Regards,
  Mikael Hallendal

-- 
Mikael Hallendal
Gentoo Linux Developer, Desktop Team Leader
CodeFactory AB, Stockholm, Sweden

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Joachim Blaabjerg]

Mikael Hallendal <hallski@gentoo.org> wrote:

> Will this work be done on Gentoo or are you planning to use portage
> SuxOS?

I was planning to use Gentoo as a base, kind of, and make "secure" Portage
packages (with safe defaults etc., plus a few packages that aren't made for
Gentoo yes (AFAIK), like LIDS and libsafe, plus the patched kernel).

> An interesting thought here would be to have some variable set in
> make.conf that if set only lets you install packages from a list of
> trusted apps/version. This would be a very flexible solution. Since it
> lets you have the exact same operating system on your workstation/server
> while having a really secure setup on your server.

Hmm... Sounds interesting!

> Let us know if you have any problems.

I will...

My only "problem" right now is to figure out where to start... ;) I guess I'll
have to, more or less, modify each and every one of the .ebuild files.

> Otherwise the only thing I have to say, welcome to the Gentoo community!

Thanks a lot! :)

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Grant Goodyear]

[-- Attachment #1: Type: text/plain, Size: 1691 bytes --]

> I was planning to use Gentoo as a base, kind of, and make "secure" Portage
> packages (with safe defaults etc., plus a few packages that aren't made for
> Gentoo yes (AFAIK), like LIDS and libsafe, plus the patched kernel).

Very cool. Those additions would be extremely welcome.

> My only "problem" right now is to figure out where to start... ;) I guess I'll
> have to, more or less, modify each and every one of the .ebuild files.

Gads, I hope not!  If you do need to modify all of the ebuilds, then we
haven't done our jobs very well.  As for where to start, I assume you've
installed Gentoo once or twice to get a good feel for how it works? 
Then I would start on building a minimal SuxOS system.  You'll
presumably need to modify the bootstrap.sh script to compile glibc
with formatguard, create a SuxOS kernel ebuild that includes all of the
necessary patches, and make a /usr/portage/profiles/SuxOS/packages file
tailored to SuxOS needs.  Come play on #gentoo on irc.openprojects.net;
we'll be happy to help!

-g2boojum-
-- 
___________________________________________________________________
|     Grant Goodyear                  |  The Secrets of Physics:   |
|     Dept. of Chemistry - Clemson U  |1. Add zero.                |
|     Clemson, SC  29634              |2. Multiply by one.         |
|-------------------------------------|3. Expand in a Taylor series|
|e-mail: goodyea@clemson.edu          |4. Integrate by parts.      |
|www:g2.ces.clemson.edu/~grant        |5. Fourier transform.       |
|                                     |6. Add auxiliary variables  |
|_____________________________________|____________________________|
 

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Damon M. Conway]

 Joachim Blaabjerg wrote:
>Mikael Hallendal <hallski@gentoo.org> wrote:
>
>I was planning to use Gentoo as a base, kind of, and make "secure" Portage
>packages (with safe defaults etc., plus a few packages that aren't made for
>Gentoo yes (AFAIK), like LIDS and libsafe, plus the patched kernel).

Very cool.

>> An interesting thought here would be to have some variable set in
>> make.conf that if set only lets you install packages from a list of
>> trusted apps/version. This would be a very flexible solution. Since it
>> lets you have the exact same operating system on your workstation/server
>> while having a really secure setup on your server.
>
>Hmm... Sounds interesting!

Yes, I think you'll find that Gentoo (like BSD) has very good control over
the system from a very few centralized files.  There should be very little
reason to make your changes at the lowest level.  If there is, then
something in portage itself probably needs attention so that kind of work
can be avoided.  It's undesirable because of the maintenance cost.

>My only "problem" right now is to figure out where to start... ;) I guess I'll
>have to, more or less, modify each and every one of the .ebuild files.

I think this is where eclasses could really help.  Eclasses should allow
you to create a meta ebuild that looks for certain make.conf vars set and
react accordingly.  danarmak and drobbins are the ones to ask for more
details on eclasses.

>> Otherwise the only thing I have to say, welcome to the Gentoo community!

Ditto!

kabau

--
"UNIX was not designed to stop you from doing stupid things, because that
 would also stop you from doing clever things."  --Doug Gwyn

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Mikael Hallendal]

[-- Attachment #1: Type: text/plain, Size: 768 bytes --]

tis 2002-01-08 klockan 16.54 skrev Damon M. Conway:

> I think this is where eclasses could really help.  Eclasses should allow
> you to create a meta ebuild that looks for certain make.conf vars set and
> react accordingly.  danarmak and drobbins are the ones to ask for more
> details on eclasses.

For now eclasses should _only_ be used in KDE. A decission still has to
be made about eclasses. And both me and drobbins have some objections to
eclasses.

For one I think that eclasses break one of ebuilds most important
strength. The ease of use, that they are almost identical to installing
a package manually.

Regards,
  Mikael Hallendal

-- 
Mikael Hallendal
Gentoo Linux Developer, Desktop Team Leader
CodeFactory AB, Stockholm, Sweden


[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Damon M. Conway]

 Mikael Hallendal wrote:
>tis 2002-01-08 klockan 16.54 skrev Damon M. Conway:
>
>> I think this is where eclasses could really help.  Eclasses should allow
>> you to create a meta ebuild that looks for certain make.conf vars set and
>> react accordingly.  danarmak and drobbins are the ones to ask for more
>> details on eclasses.
>
>For now eclasses should _only_ be used in KDE. A decission still has to
>be made about eclasses. And both me and drobbins have some objections to
>eclasses.

Hmm, ok.  I thought they were on their way to finalization.

>For one I think that eclasses break one of ebuilds most important
>strength. The ease of use, that they are almost identical to installing
>a package manually.

Depends on usage.  I think eclasses could be quite powerful for
cross-platform capabilities and system types (SuxOS, Web Server, etc), and
they, in theory, can pick up the global configuation baton where make.conf
leaves off.  As long as they are well-defined, I don't see how they really
cause any problems, or make ebuilds any harder to write.

kabau

--
"UNIX was not designed to stop you from doing stupid things, because that
 would also stop you from doing clever things."  --Doug Gwyn

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Mikael Hallendal]

[-- Attachment #1: Type: text/plain, Size: 717 bytes --]

tis 2002-01-08 klockan 18.10 skrev Damon M. Conway:

> Depends on usage.  I think eclasses could be quite powerful for
> cross-platform capabilities and system types (SuxOS, Web Server, etc), and
> they, in theory, can pick up the global configuation baton where make.conf
> leaves off.  As long as they are well-defined, I don't see how they really
> cause any problems, or make ebuilds any harder to write.

I agree to that they are powerful but I think they do it in a way that
makes it harder for new users to catch on to.

Have you looked any at the KDE build?

Regards,
  Mikael Hallendal

-- 
Mikael Hallendal
Gentoo Linux Developer, Desktop Team Leader
CodeFactory AB, Stockholm, Sweden


[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Damon M. Conway]

 Mikael Hallendal wrote:
>
>I agree to that they are powerful but I think they do it in a way that
>makes it harder for new users to catch on to.

Hm, ok then, but I like the concept.  Maybe a method that's more accessible
to users.

>Have you looked any at the KDE build?

I started looking at them a few minutes ago.  I agree that they are kind of
complex, but I think that comes from too many layers.  I haven't dug into
them deep enough to tell if that much abstraction is reallly necessary.

kabau

--
"UNIX was not designed to stop you from doing stupid things, because that
 would also stop you from doing clever things."  --Doug Gwyn

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Joachim Blaabjerg]

On 08 Jan 2002 10:27:15 -0500
Grant Goodyear <goodyea@clemson.edu> wrote:
> 
> Gads, I hope not!  If you do need to modify all of the ebuilds, then we
> haven't done our jobs very well.  

There are a few problems that hopefully can be avoided easily, such as post
installation routines. I was planning on using a modularized script to update
the LIDS ACLs, and letting every new program add ACLs for itself in one
directory (one file for each program) upon installation. The problem (if one can
call it that) is that I've recently decided to make a deny-all type of LIDS
configuration, so every program that intends to do anything in particular will
need specialized LIDS ACLs... So unless there is a special way of doing this, I
think I'll have to modify a couple of .ebuild files... :-/ Luckily, I don't
intend to include all the programs you guys have made .ebuild files for, such as
X, Gnome, KDE, and other applications that are strictly unneccessary (and maybe
even a security risk) on a dedicated server.

> As for where to start, I assume you've installed Gentoo once or twice to get a
> good feel for how it works? 

Hopefully, I'll get an ADSL connection tomorrow (after waiting for a couple of
years...), so I can install Gentoo for the first time. I downloaded the .iso,
but downloading tens or hundreds of megabytes of source isn't really feasible
when you're connected to the 'net with a 56k modem ;)

> Then I would start on building a minimal SuxOS system.  You'll
> presumably need to modify the bootstrap.sh script to compile glibc
> with formatguard, create a SuxOS kernel ebuild that includes all of the
> necessary patches, and make a /usr/portage/profiles/SuxOS/packages file
> tailored to SuxOS needs.  Come play on #gentoo on irc.openprojects.net;
> we'll be happy to help!

#gentoo, here I come! ;)

BTW, have you guys got any ideas for a name?

Regards

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Tod M. Neidt]

On Tue, 2002-01-08 at 12:18, Joachim Blaabjerg wrote:

> Hopefully, I'll get an ADSL connection tomorrow (after waiting for a couple of
> years...), so I can install Gentoo for the first time. I downloaded the .iso,
> but downloading tens or hundreds of megabytes of source isn't really feasible
> when you're connected to the 'net with a 56k modem ;)

I did, but then again I'm a masochist :)
 
> 
> BTW, have you guys got any ideas for a name?
> 
How about "Gentoo Sux"!

<sorry, I just couldn't resist that ;)

tod
> Regards
> 
> -- 
> Joachim Blaabjerg
> styx@SuxOS.org
> www.SuxOS.org
> _______________________________________________

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Mikael Hallendal]

[-- Attachment #1: Type: text/plain, Size: 809 bytes --]

tis 2002-01-08 klockan 19.11 skrev Damon M. Conway:
>  Mikael Hallendal wrote:
> >
> >I agree to that they are powerful but I think they do it in a way that
> >makes it harder for new users to catch on to.
> 
> Hm, ok then, but I like the concept.  Maybe a method that's more accessible
> to users.

Exactly, I love the concept, but I don't think I like the
implementation.

I would like something that more or less just overrided variables that
can be used in the end-scripts. Instead of overriding functions and such
too (which makes the end-script look like anything but how you do it
when installing manually).

Not as powerful but not as complex.

Regards,
  Mikael Hallendal

-- 
Mikael Hallendal
Gentoo Linux Developer, Desktop Team Leader
CodeFactory AB, Stockholm, Sweden


[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Karl Trygve Kalleberg]

On Tue, Jan 08, 2002 at 11:10:39AM -0600, Damon M. Conway wrote:
>  Mikael Hallendal wrote:
> >tis 2002-01-08 klockan 16.54 skrev Damon M. Conway:
> >
> >> I think this is where eclasses could really help.  Eclasses should allow
> >> you to create a meta ebuild that looks for certain make.conf vars set and
> >> react accordingly.  danarmak and drobbins are the ones to ask for more
> >> details on eclasses.
> >
> >For now eclasses should _only_ be used in KDE. A decission still has to
> >be made about eclasses. And both me and drobbins have some objections to
> >eclasses.
> 
> Hmm, ok.  I thought they were on their way to finalization.
> 
> >For one I think that eclasses break one of ebuilds most important
> >strength. The ease of use, that they are almost identical to installing
> >a package manually.
> 
> Depends on usage.  I think eclasses could be quite powerful for
> cross-platform capabilities and system types (SuxOS, Web Server, etc), and
> they, in theory, can pick up the global configuation baton where make.conf
> leaves off.  As long as they are well-defined, I don't see how they really
> cause any problems, or make ebuilds any harder to write.

>From what I have understood, eclasses is primarily about bringing a few of
the OOP principles to bash scripts. As a computer-linguist, I find this
attempt misguided at best, but as a system administrator/bash script
hacker, I find the idea appealing.

Since eclasses are associated with a learning curve, would it not be
preferrable to recast the whole inheritance thing in a proper
object-oriented language and rather build a support framework for it there
? 

For instance, use scsh (okay, okay, so Scheme might not be popular with
the crowd) or Python. If you take a look at SCons, you'll see Make recast
into Python, with all the benefits that gives you (stable, clean,
well-known language, lots of documentation, lots of support libraries,
cross-platform runtime).

Just stirring things up since the eclasses debate seems to be coming
regardless.


Karl T

Re: [gentoo-dev] Secure Gentoo - OO-ebuilds

[Einar Karttunen]

On 10.01.02 12:24 +0100(+0000), Karl Trygve Kalleberg wrote:
> On Tue, Jan 08, 2002 at 11:10:39AM -0600, Damon M. Conway wrote:
> >From what I have understood, eclasses is primarily about bringing a few of
> the OOP principles to bash scripts. As a computer-linguist, I find this
> attempt misguided at best, but as a system administrator/bash script
> hacker, I find the idea appealing.
> 
> Since eclasses are associated with a learning curve, would it not be
> preferrable to recast the whole inheritance thing in a proper
> object-oriented language and rather build a support framework for it there
> ? 
> 
> For instance, use scsh (okay, okay, so Scheme might not be popular with
> the crowd) or Python. If you take a look at SCons, you'll see Make recast
> into Python, with all the benefits that gives you (stable, clean,
> well-known language, lots of documentation, lots of support libraries,
> cross-platform runtime).
> 
> Just stirring things up since the eclasses debate seems to be coming
> regardless.
> 
hmm using scheme sounds very appealing, but the problem is that
many of us have an unnatural fear of parenthesises... By using
OO portage would be indeed more powerful and it would make it possible
for a user to override doman if he wishes so easily, or to add a hook
procedure that is run whenever src_compile is ready...

- Einar Karttunen

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Joachim Blaabjerg]

Hi again people,

I got an ADSL line installed yesterday (just waiting for the modem to arrive,
probably on friday), and I'm eager to install Gentoo. When I do (hopefully, this
weekend), I'll start making a new system profile for [insert "Secure Gentoo"
name here], so if you've got any implementation tips or clues, please tell me
now. :)

.plan: 
* Play around with Portage, get to know it properly
* Select the packages that are to be installed in the base 'secure' system
* Sort out the differences between the standard Gentoo packages and my packages
* Make .ebuild files for the packages that are missing (libsafe, LIDS etc.)

And how do you think the whole thing should be implemented? Will it be with a
USE variable? Would I then have to alter every one of the .ebuild files
available to respect the USE variable?

I'm thinking I could solve the problem of which packages to include by having a
'use secure (or whatever) && die "This package is not supported in the secure
distro [blah blah]"' directive in the packages that won't be included (like
XFree86, KDE, Gnome, etc.).

Anyway, I'm just brainstorming here, and haven't really gotten to know Portage
yet, so there might be some much better solutions to this problem.

Best Regards,

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Mikael Hallendal]

[-- Attachment #1: Type: text/plain, Size: 949 bytes --]

tor 2002-01-10 klockan 14.51 skrev Joachim Blaabjerg:
> Hi again people,
> 
> I got an ADSL line installed yesterday (just waiting for the modem to arrive,
> probably on friday), and I'm eager to install Gentoo. 

Nice!

> I'm thinking I could solve the problem of which packages to include by having a
> 'use secure (or whatever) && die "This package is not supported in the secure
> distro [blah blah]"' directive in the packages that won't be included (like
> XFree86, KDE, Gnome, etc.).

We don't want to add this to all ebuilds not supporting the
secure-stuff. This will be very hard and unmaintainable. Better would be
to create a profile which includes packages and version and then use
that profile for the secured version (thus not making it possible to
install any other packages).

Regards,
  Mikael Hallendal

-- 
Mikael Hallendal
Gentoo Linux Developer, Desktop Team Leader
CodeFactory AB, Stockholm, Sweden


[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Joachim Blaabjerg]

On 10 Jan 2002 15:40:40 +0100
Mikael Hallendal <hallski@gentoo.org> wrote:
>
> Nice!

I know ;)

> 
> We don't want to add this to all ebuilds not supporting the
> secure-stuff. This will be very hard and unmaintainable. Better would be
> to create a profile which includes packages and version and then use
> that profile for the secured version (thus not making it possible to
> install any other packages).

Ah, okay, I see... But what do you think, will there be a USE variable, or
something else?

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Dan Armak]

On Thursday 10 January 2002 13:24, you wrote:
> From what I have understood, eclasses is primarily about bringing a few of
> the OOP principles to bash scripts. As a computer-linguist, I find this
> attempt misguided at best, but as a system administrator/bash script
> hacker, I find the idea appealing.
Well, it's priamrily about bringing one principle to bash, and that is code 
reuse (which isn't even strictly OOP). Things like variable scope/visibility 
(which doesn't really exist in bash) tend to poke spikes into the wheels. 

>
> Since eclasses are associated with a learning curve, would it not be
> preferrable to recast the whole inheritance thing in a proper
> object-oriented language and rather build a support framework for it there
> ?
Well, the big idea behind ebuilds in general is to make them as similar to 
compiling a package by hand (i.e. from a bash shell) as possible. Of course, 
eclasses are already sufficiently unlike that, but moving to python would 
still make things worse. For one thing, not everyone knows python as well as 
they do bash (me included).

I think that right now I should update/cleanup the eclass howto. I'll make a 
short, readable document. So, to work :-)


-- 
Dan Armak
Gentoo Linux, Desktop Team
Matan, Israel

AW: [gentoo-dev] Secure Gentoo - What do you think?

[Sebastian Werner]

I think it's much easier to update a ebuild with a USE flag to current
version / with current patches (You need to update only one file) as to
do this with a special and the normal version (You need to update 2
files).

Sebastian

-----Ursprüngliche Nachricht-----
Von: gentoo-dev-admin@gentoo.org [mailto:gentoo-dev-admin@gentoo.org] Im
Auftrag von Joachim Blaabjerg
Gesendet: Donnerstag, 10. Januar 2002 16:01
An: gentoo-dev@gentoo.org
Betreff: Re: [gentoo-dev] Secure Gentoo - What do you think?

On 10 Jan 2002 15:40:40 +0100
Mikael Hallendal <hallski@gentoo.org> wrote:
>
> Nice!

I know ;)

> 
> We don't want to add this to all ebuilds not supporting the
> secure-stuff. This will be very hard and unmaintainable. Better would
be
> to create a profile which includes packages and version and then use
> that profile for the secured version (thus not making it possible to
> install any other packages).

Ah, okay, I see... But what do you think, will there be a USE variable,
or
something else?

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org
_______________________________________________
gentoo-dev mailing list
gentoo-dev@gentoo.org
http://lists.gentoo.org/mailman/listinfo/gentoo-dev

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Joachim Blaabjerg]

Hi again,

Another thought; if we use a USE variable, I guess I could just make patches for
the programs (Makefiles etc.), and we could have a 

use secure && patch -p0 < ${FILESDIR}/${P}-secure.diff

in the .ebuild files of the programs in my system profile. I don't think I need
to change anything else in the .ebuild, as I can just use the program's
installation routines to install the needed LIDS ACLs, change permissions, etc.

What do you think?
 
-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Martin Schlemmer]

[-- Attachment #1: Type: text/plain, Size: 1517 bytes --]

On Thu, 2002-01-10 at 17:00, Joachim Blaabjerg wrote:
> On 10 Jan 2002 15:40:40 +0100
> Mikael Hallendal <hallski@gentoo.org> wrote:
> >
> > Nice!
> 
> I know ;)
> 
> > 
> > We don't want to add this to all ebuilds not supporting the
> > secure-stuff. This will be very hard and unmaintainable. Better would be
> > to create a profile which includes packages and version and then use
> > that profile for the secured version (thus not making it possible to
> > install any other packages).
> 
> Ah, okay, I see... But what do you think, will there be a USE variable, or
> something else?
> 

Like Mikael said, you can 'mask' the packages that your
secure version do not use, so that they are not installeble
unless forced (after all, it is the user's right to fsck up
his system/bridge security if he feels like it ;-).

Then for the extra security patches, you could use USE
variables like you suggested yourself.  This will be nothing
new (look at the 'build' variable for instance ...), and it
will be cleaner than using eclasses.

Using eclasses to do something like this will complicate
things too much in my opinion, and each package will be
different in the way you have to secure it (different patches,
maybe different ./configure flags, etc).

Anyhow, eclasses are just for KDE and still in
testing/approval (not that I am one to make this statement ;/)


Greetings,

-- 

Martin Schlemmer
Gentoo Linux Developer, Desktop Team Developer
Cape Town, South Africa


[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Daniel Robbins]

On Thu, 2002-01-10 at 10:09, Joachim Blaabjerg wrote:
> Hi again,
> 
> Another thought; if we use a USE variable, I guess I could just make patches for
> the programs (Makefiles etc.), and we could have a 
> 
> use secure && patch -p0 < ${FILESDIR}/${P}-secure.diff
> 
> in the .ebuild files of the programs in my system profile. I don't think I need
> to change anything else in the .ebuild, as I can just use the program's
> installation routines to install the needed LIDS ACLs, change permissions, etc.
> 
> What do you think?

Yes, something like this would be fine.  "We have the technology," as
they say :)

-- 
Daniel Robbins                                  <drobbins@gentoo.org>
Chief Architect/President                       http://www.gentoo.org 
Gentoo Technologies, Inc.

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Grant Goodyear]

[-- Attachment #1: Type: text/plain, Size: 2287 bytes --]

> .plan: 
> * Play around with Portage, get to know it properly
> * Select the packages that are to be installed in the base 'secure' system
> * Sort out the differences between the standard Gentoo packages and my packages
> * Make .ebuild files for the packages that are missing (libsafe, LIDS etc.)

Makes good sense, especially the first item!  If you give us some
examples of how your secure packages will differ from our standard
ebuilds, once you get there, we can probably help.  

> And how do you think the whole thing should be implemented? Will it be with a
> USE variable? Would I then have to alter every one of the .ebuild files
> available to respect the USE variable?

Use variables (along with a unique profile) are almost certainly the
right way to go about it.  Only ebuilds that need different
functionality would then need the new USE variable.  Presumably the
KDE/GNOME ebuilds, for example, should never need to be touched.

> I'm thinking I could solve the problem of which packages to include by having a
> 'use secure (or whatever) && die "This package is not supported in the secure
> distro [blah blah]"' directive in the packages that won't be included (like
> XFree86, KDE, Gnome, etc.).

Nah.  You set up the default packages to install in your
profile/packages file.  If people want to install unsupported packages
you can either just let them do so, or I'm sure that Drobbins can figure
out a reasonable way of making sure that if /etc/make.profile points to
your secure distribution then only those packages in
/etc/make.profile/packages would be allowed by portage.

Best,
g2boojum
-- 
___________________________________________________________________
|     Grant Goodyear                  |  The Secrets of Physics:   |
|     Dept. of Chemistry - Clemson U  |1. Add zero.                |
|     Clemson, SC  29634              |2. Multiply by one.         |
|-------------------------------------|3. Expand in a Taylor series|
|e-mail: goodyea@clemson.edu          |4. Integrate by parts.      |
|www:g2.ces.clemson.edu/~grant        |5. Fourier transform.       |
|                                     |6. Add auxiliary variables  |
|_____________________________________|____________________________|
 

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Sebastian Werner]

Hey,

really cool this project... mhh it seems that you must patch all the
init-scripts, too... or. i look some minutes ago some docs on the lids
homepage... really great. But it seems to be much work. So my question.
In how many weeks you think you can have the first release of this
something like working..? ;-) I must setup a new server in our company
and it seems to be nice to do this with Gentoo-Sox ;-)

Greetings

Sebastian


Am Don, 2002-01-10 um 18.09 schrieb Joachim Blaabjerg:
> Hi again,
> 
> Another thought; if we use a USE variable, I guess I could just make patches for
> the programs (Makefiles etc.), and we could have a 
> 
> use secure && patch -p0 < ${FILESDIR}/${P}-secure.diff
> 
> in the .ebuild files of the programs in my system profile. I don't think I need
> to change anything else in the .ebuild, as I can just use the program's
> installation routines to install the needed LIDS ACLs, change permissions, etc.
> 
> What do you think?
>  
> -- 
> Joachim Blaabjerg
> styx@SuxOS.org
> www.SuxOS.org
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://lists.gentoo.org/mailman/listinfo/gentoo-dev
-- 
---------------------------------
Sebastian Werner

http://www.werner-productions.de
sebastian@werner-productions.de

Bismarckstraße 51
32427 Minden
---------------------------------

Re: [gentoo-dev] Secure Gentoo - What do you think?

[Joachim Blaabjerg]

On 11 Jan 2002 20:07:01 +0100
Sebastian Werner <sebastian@werner-productions.de> wrote:

> Hey,
> 
> really cool this project... mhh it seems that you must patch all the
> init-scripts, too... or. i look some minutes ago some docs on the lids
> homepage... really great. But it seems to be much work. So my question.

Well, I'm not really sure. The ADSL modem didn't arrive today either, so I
haven't been able to install Gentoo yet... And why would I have to patch all the
init scripts? Are you thinking about /etc/mtab and the mount -n issue? Anyway, I
think that could be solved pretty easily and quickly... :)

> In how many weeks you think you can have the first release of this
> something like working..? ;-) 

Hehe, deadlines are not my strength! If you had observed the SuxOS site the lsat
months, you'd have known that. ;) I was originally planning to have it finished
by some time in february 2001, but I started again from scratch, then something
else got in the way (plus, I'm a busy student), and I haven't even been able to
release a beta yet... (Although the machine hosting suxos.org has been running a
pre-beta since may). A rough estimate though: One or two months.

> I must setup a new server in our company and it seems to be nice to do this >
with Gentoo-Sox ;-)

Ah :)

> Greetings
> 
> Sebastian

Best Regards,

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org