Re: [gentoo-dev] Secure Gentoo

[mbutcher <mbutcher@aleph-null.tv>]

Can someone explain to me the difference between kerneli and the 
International Crypto API kernel modules? I'd really like to be able to use 
encrypted filesystems that use something a little stronger than DES.

Thanks,

Matt

On Wednesday 06 March 2002 02:24 pm, you wrote:
> On Wed, 6 Mar 2002 19:53:12 +0100
>
> P.Gnodde <peter@pcswebdesign.nl> wrote:
> > Hi all,
> >
> > It has not been long ago since I've installed Gentoo, but at the moment
> > it's running on my desktop, laptop and 1 of my servers (the other 2 run
> > openbsd and slackware and I do not plan at replacing them :). I really
> > like this distribution and am still learning new things about linux
> > because of it :).
> >
> > Back to the topic at hand ... I am just starting to get interested in
> > security issues with linux. The company I work for has some sensative
> > data of customers, so I used the kerneli patch to create an encrypted
> > filesystem. And I like it. I've also been reading up on other issues,
> > like random filehandles and stuff like that. I'd really like to learn
> > more about it, so perhaps I can help in some ways with this Secure Gentoo
> > project if it's needed (testing of beta patches/packages, etc.) (btw, I'm
> > a coder, but I do not have much experience in kernelhacking or security
> > related projects)
> >
> > > * Make a kernel patch, probably based on the Gentoo kernel, but with
> > > GrSecurity, kerneli, a few netfilter patches etc.
> >
> > At the moment I have the gentoo kernel running with the kerneli patch.
> > The GrSecurity patch had a few failed hunks, I'm integrating them now. If
> > your interested I could send you a patch after I'm done. I also have a
> > ready to install package of util-linux, with the kerneli patch. I don't
> > yet know if the combination is stable :).
> >
> > > Will the Gentoo kernel use Andrea Arcangeli's VM or Rik van Riel's (-aa
> > > or rmap)?
> >
> > I think rmap is pretty stable now and most problems have been solved,
> > it's been good for Rik van Riel to have a little freedom in developing
> > the VM :). Although I do know that Rik used to work for a (network)
> > security company here in Holland :).
> >
> > > How will this be done practically? I'm thinking in particular about the
> > > freeze, and the proposed unstable branch.
> >
> > Perhaps start a new branch, so we have a 'stable', 'unstable' and
> > 'secure' branch.
> >
> > > How paranoid should it be? My first plan was to create ACLs for each
> > > and every binary and deny almost everything else, but that might be too
> > > paranoid for most people. What do you think? How about three security
> > > levels (no ACLs, normal ACLs and very strict ACls)?
> >
> > The levels idea sounds like a nice idea, but it should be documented
> > really good, so users can choose a good security level for their
> > purposes.
>
> I must make a note here, usually with security levels its too, how can I
> say this... 'generic', I mean you could look at how buggy a daemon has been
> in the past and have it marked level 4 security and other stuff too, but I
> usually think of security as something the user sets up himself. I like it
> this way. The other thing is, the user installs/starts the servers he
> wants, so there is no real need for security levels since the user will
> really do whatever he wants.
>
> Nic D.
>
> > Regards,
> >
> > Peter Gnodde
> > PCS Webdesign BV
> > http://www.pcswebdesign.nl/
> > _______________________________________________
> > gentoo-dev mailing list
> > gentoo-dev@gentoo.org
> > http://lists.gentoo.org/mailman/listinfo/gentoo-dev
>
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://lists.gentoo.org/mailman/listinfo/gentoo-dev