* [gentoo-dev] Secure Gentoo
From: Joachim Blaabjerg @ 2002-03-06 17:43 UTC
To: gentoo-dev

Hi again, people,

If you don't have any further ideas/thoughts/objections/whatever, I'll
finally start working on Secure Gentoo (or whatever the name is) now.
I've had a few time problems lately, so I'm sorry I haven't got started
earlier.

What I'm going to do:
* Make a profile with a small (minimal) set of apps, and slowly expand
it as I get more packages done/patched.
* Make a kernel patch, probably based on the Gentoo kernel, but with
GrSecurity, kerneli, a few netfilter patches etc.
* Patch packages with patches from the Owl GNU/*/Linux project (of which
I am lucky to be a currently idling developer), and make ACLs for each
app.

My original intent was to use LIDS, but I've somewhat changed my mind.
The ACL system in grsec has matured greatly lately, and I'm trying it
out as we speak. Have any of you got any experiences or thoughts on this
you want to share?

I've got a few questions, too:
Will the Gentoo kernel use Andrea Arcangeli's VM or Rik van Riel's (-aa
or rmap)?
How will this be done practically? I'm thinking in particular about the
freeze, and the proposed unstable branch.
How paranoid should it be? My first plan was to create ACLs for each and
every binary and deny almost everything else, but that might be too
paranoid for most people. What do you think? How about three security
levels (no ACLs, normal ACLs and very strict ACLs)?

Any other thoughts and ideas will be greatly appreciated :)

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org

* Re: [gentoo-dev] Secure Gentoo
From: Daniel Robbins @ 2002-03-06 18:04 UTC
To: gentoo-dev

On Wed, 2002-03-06 at 10:43, Joachim Blaabjerg wrote:

> I've got a few questions, too:
> Will the Gentoo kernel use Andrea Arcangeli's VM or Rik van Riel's (-aa
> or rmap)?

We tried an -aa kernel (2.4.18) and we didn't get good desktop
performance out of it. We're planning to stick to -ac which includes
rmap.

-- 
Daniel Robbins <drobbins@gentoo.org>
Chief Architect/President
http://www.gentoo.org
Gentoo Technologies, Inc.

* Re: [gentoo-dev] Secure Gentoo
From: P.Gnodde @ 2002-03-06 18:53 UTC
To: gentoo-dev; +Cc: styx

Hi all,

It has not been long ago since I've installed Gentoo, but at the moment
it's running on my desktop, laptop and 1 of my servers (the other 2 run
openbsd and slackware and I do not plan on replacing them :). I really
like this distribution and am still learning new things about linux
because of it :).

Back to the topic at hand ... I am just starting to get interested in
security issues with linux. The company I work for has some sensitive
data of customers, so I used the kerneli patch to create an encrypted
filesystem. And I like it. I've also been reading up on other issues,
like random filehandles and stuff like that. I'd really like to learn
more about it, so perhaps I can help in some ways with this Secure
Gentoo project if it's needed (testing of beta patches/packages, etc.)
(btw, I'm a coder, but I do not have much experience in kernelhacking or
security related projects)

> * Make a kernel patch, probably based on the Gentoo kernel, but with
> GrSecurity, kerneli, a few netfilter patches etc.

At the moment I have the gentoo kernel running with the kerneli patch.
The GrSecurity patch had a few failed hunks, I'm integrating them now.
If you're interested I could send you a patch after I'm done. I also
have a ready to install package of util-linux, with the kerneli patch. I
don't yet know if the combination is stable :).

> Will the Gentoo kernel use Andrea Arcangeli's VM or Rik van Riel's (-aa
> or rmap)?

I think rmap is pretty stable now and most problems have been solved,
it's been good for Rik van Riel to have a little freedom in developing
the VM :). Although I do know that Rik used to work for a (network)
security company here in Holland :).

> How will this be done practically? I'm thinking in particular about the
> freeze, and the proposed unstable branch.

Perhaps start a new branch, so we have a 'stable', 'unstable' and
'secure' branch.

> How paranoid should it be? My first plan was to create ACLs for each and
> every binary and deny almost everything else, but that might be too
> paranoid for most people. What do you think? How about three security
> levels (no ACLs, normal ACLs and very strict ACLs)?

The levels idea sounds like a nice idea, but it should be documented
really well, so users can choose a good security level for their
purposes.

Regards,

Peter Gnodde
PCS Webdesign BV
http://www.pcswebdesign.nl/

* Re: [gentoo-dev] Secure Gentoo
From: Nic Desjardins @ 2002-03-06 21:24 UTC
To: gentoo-dev

On Wed, 6 Mar 2002 19:53:12 +0100
P.Gnodde <peter@pcswebdesign.nl> wrote:

> Hi all,
>
> It has not been long ago since I've installed Gentoo, but at the moment
> it's running on my desktop, laptop and 1 of my servers (the other 2 run
> openbsd and slackware and I do not plan on replacing them :). I really
> like this distribution and am still learning new things about linux
> because of it :).
>
> Back to the topic at hand ... I am just starting to get interested in
> security issues with linux. The company I work for has some sensitive
> data of customers, so I used the kerneli patch to create an encrypted
> filesystem. And I like it. I've also been reading up on other issues,
> like random filehandles and stuff like that. I'd really like to learn
> more about it, so perhaps I can help in some ways with this Secure
> Gentoo project if it's needed (testing of beta patches/packages, etc.)
> (btw, I'm a coder, but I do not have much experience in kernelhacking
> or security related projects)
>
> > * Make a kernel patch, probably based on the Gentoo kernel, but with
> > GrSecurity, kerneli, a few netfilter patches etc.
> At the moment I have the gentoo kernel running with the kerneli patch.
> The GrSecurity patch had a few failed hunks, I'm integrating them now.
> If you're interested I could send you a patch after I'm done. I also
> have a ready to install package of util-linux, with the kerneli patch.
> I don't yet know if the combination is stable :).
>
> > Will the Gentoo kernel use Andrea Arcangeli's VM or Rik van Riel's (-aa
> > or rmap)?
> I think rmap is pretty stable now and most problems have been solved,
> it's been good for Rik van Riel to have a little freedom in developing
> the VM :). Although I do know that Rik used to work for a (network)
> security company here in Holland :).
>
> > How will this be done practically? I'm thinking in particular about the
> > freeze, and the proposed unstable branch.
> Perhaps start a new branch, so we have a 'stable', 'unstable' and
> 'secure' branch.
>
> > How paranoid should it be? My first plan was to create ACLs for each and
> > every binary and deny almost everything else, but that might be too
> > paranoid for most people. What do you think? How about three security
> > levels (no ACLs, normal ACLs and very strict ACLs)?
> The levels idea sounds like a nice idea, but it should be documented
> really well, so users can choose a good security level for their
> purposes.
>

I must make a note here, usually with security levels it's too, how can
I say this... 'generic', I mean you could look at how buggy a daemon has
been in the past and have it marked level 4 security and other stuff
too, but I usually think of security as something the user sets up
himself. I like it this way.
The other thing is, the user installs/starts the servers he wants, so
there is no real need for security levels since the user will really do
whatever he wants.

Nic D.

> Regards,
>
> Peter Gnodde
> PCS Webdesign BV
> http://www.pcswebdesign.nl/
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://lists.gentoo.org/mailman/listinfo/gentoo-dev

* Re: [gentoo-dev] Secure Gentoo
From: Joachim Blaabjerg @ 2002-03-06 20:50 UTC
To: gentoo-dev

On Wed, 2002-03-06 at 22:24, Nic Desjardins wrote:

> > > How paranoid should it be? My first plan was to create ACLs for each and
> > > every binary and deny almost everything else, but that might be too
> > > paranoid for most people. What do you think? How about three security
> > > levels (no ACLs, normal ACLs and very strict ACLs)?
> > The levels idea sounds like a nice idea, but it should be documented
> > really well, so users can choose a good security level for their
> > purposes.
> >
>
> I must make a note here, usually with security levels it's too, how can
> I say this... 'generic', I mean you could look at how buggy a daemon
> has been in the past and have it marked level 4 security and other
> stuff too, but I usually think of security as something the user sets
> up himself. I like it this way.
> The other thing is, the user installs/starts the servers he wants, so
> there is no real need for security levels since the user will really do
> whatever he wants.

Well, I tend to agree, but most users would want to have a starting
point somewhat close to what they're trying to achieve. The security
levels I'm speaking of, are simply levels of strictness (or, 'security'
if you will) in ACLs, not the entire system. Writing those ACLs is a
tedious process, and it involves a lot of debugging and strace'ing a
normal user in need of security simply wouldn't want to get into.

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org

* Re: [gentoo-dev] Secure Gentoo
From: mbutcher @ 2002-03-07 21:26 UTC
To: gentoo-dev

Can someone explain to me the difference between kerneli and the
International Crypto API kernel modules? I'd really like to be able to
use encrypted filesystems that use something a little stronger than DES.

Thanks,
Matt

On Wednesday 06 March 2002 02:24 pm, you wrote:
> On Wed, 6 Mar 2002 19:53:12 +0100
>
> P.Gnodde <peter@pcswebdesign.nl> wrote:
> > Hi all,
> >
> > It has not been long ago since I've installed Gentoo, but at the moment
> > it's running on my desktop, laptop and 1 of my servers (the other 2 run
> > openbsd and slackware and I do not plan on replacing them :). I really
> > like this distribution and am still learning new things about linux
> > because of it :).
> >
> > Back to the topic at hand ... I am just starting to get interested in
> > security issues with linux. The company I work for has some sensitive
> > data of customers, so I used the kerneli patch to create an encrypted
> > filesystem. And I like it. I've also been reading up on other issues,
> > like random filehandles and stuff like that. I'd really like to learn
> > more about it, so perhaps I can help in some ways with this Secure Gentoo
> > project if it's needed (testing of beta patches/packages, etc.) (btw, I'm
> > a coder, but I do not have much experience in kernelhacking or security
> > related projects)
> >
> > > * Make a kernel patch, probably based on the Gentoo kernel, but with
> > > GrSecurity, kerneli, a few netfilter patches etc.
> >
> > At the moment I have the gentoo kernel running with the kerneli patch.
> > The GrSecurity patch had a few failed hunks, I'm integrating them now. If
> > you're interested I could send you a patch after I'm done. I also have a
> > ready to install package of util-linux, with the kerneli patch. I don't
> > yet know if the combination is stable :).
> >
> > > Will the Gentoo kernel use Andrea Arcangeli's VM or Rik van Riel's (-aa
> > > or rmap)?
> >
> > I think rmap is pretty stable now and most problems have been solved,
> > it's been good for Rik van Riel to have a little freedom in developing
> > the VM :). Although I do know that Rik used to work for a (network)
> > security company here in Holland :).
> >
> > > How will this be done practically? I'm thinking in particular about the
> > > freeze, and the proposed unstable branch.
> >
> > Perhaps start a new branch, so we have a 'stable', 'unstable' and
> > 'secure' branch.
> >
> > > How paranoid should it be? My first plan was to create ACLs for each
> > > and every binary and deny almost everything else, but that might be too
> > > paranoid for most people. What do you think? How about three security
> > > levels (no ACLs, normal ACLs and very strict ACLs)?
> >
> > The levels idea sounds like a nice idea, but it should be documented
> > really well, so users can choose a good security level for their
> > purposes.
>
> I must make a note here, usually with security levels it's too, how can I
> say this... 'generic', I mean you could look at how buggy a daemon has been
> in the past and have it marked level 4 security and other stuff too, but I
> usually think of security as something the user sets up himself. I like it
> this way. The other thing is, the user installs/starts the servers he
> wants, so there is no real need for security levels since the user will
> really do whatever he wants.
>
> Nic D.
>
> > Regards,
> >
> > Peter Gnodde
> > PCS Webdesign BV
> > http://www.pcswebdesign.nl/

* Re: [gentoo-dev] Secure Gentoo
From: Sebastian Werner @ 2002-03-06 18:53 UTC
To: gentoo-dev

This is great, really great. I have not really much time to play with
this. But I could help you in parts of to do work. Contact me and we
could do it.

I think it's enough to create acl's for the basesystem and some special
server apps. All these kde and gnome apps must not be installed on a
real server I think - so you need no acl's here.

Greetings

Sebastian

On 06.03.2002 18:43:28, Joachim Blaabjerg <styx@SuxOS.org> wrote:

>Hi again, people,
>
>If you don't have any further ideas/thoughts/objections/whatever, I'll
>finally start working on Secure Gentoo (or whatever the name is) now.
>I've had a few time problems lately, so I'm sorry I haven't got started
>earlier.
>
>What I'm going to do:
>* Make a profile with a small (minimal) set of apps, and slowly expand
>it as I get more packages done/patched.
>* Make a kernel patch, probably based on the Gentoo kernel, but with
>GrSecurity, kerneli, a few netfilter patches etc.
>* Patch packages with patches from the Owl GNU/*/Linux project (of which
>I am lucky to be a currently idling developer), and make ACLs for each
>app.
>
>My original intent was to use LIDS, but I've somewhat changed my mind.
>The ACL system in grsec has matured greatly lately, and I'm trying it
>out as we speak. Have any of you got any experiences or thoughts on this
>you want to share?
>
>I've got a few questions, too:
>Will the Gentoo kernel use Andrea Arcangeli's VM or Rik van Riel's (-aa
>or rmap)?
>How will this be done practically? I'm thinking in particular about the
>freeze, and the proposed unstable branch.
>How paranoid should it be? My first plan was to create ACLs for each and
>every binary and deny almost everything else, but that might be too
>paranoid for most people. What do you think? How about three security
>levels (no ACLs, normal ACLs and very strict ACLs)?
>
>Any other thoughts and ideas will be greatly appreciated :)
>
>--
>Joachim Blaabjerg
>styx@SuxOS.org
>www.SuxOS.org

* Re: [gentoo-dev] Secure Gentoo
From: Joachim Blaabjerg @ 2002-03-08 11:12 UTC
To: gentoo-dev

On Wed, 2002-03-06 at 19:53, Sebastian Werner wrote:

> This is great, really great. I have not really much time to play with
> this. But I could help you in parts of to do work. Contact me and we
> could do it.

Great, I need all the help I can get :)

> I think it's enough to create acl's for the basesystem and some special
> server apps. All these kde and gnome apps must not be installed on a real
> server I think - so you need no acl's here.

My thoughts exactly.

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org

* Re: [gentoo-dev] Secure Gentoo
From: Karl Trygve Kalleberg @ 2002-03-07 20:08 UTC
To: gentoo-dev

I just have to throw in my "me too" post here. I think this is an
excellent idea.

It would be very nice if as you point out, one could merge a "secure"
profile that is reasonably bugfree and secure, where it was easy to
customize which services you want to run, with what kind of privilege,
etc.

Would a "sandboxing"/"playpen"/"virtual machine" feature where you could
put users into groups where users inside one group can see each other (w,
ps, who, id..) but not outside the group be possible? I've noticed they
have something akin to that on login.sf.net and that grsecurity tries to
solve some of these problems.

Kind regards,

Karl T

* Re: [gentoo-dev] Secure Gentoo
From: Joachim Blaabjerg @ 2002-03-08 11:11 UTC
To: gentoo-dev

On Thu, 2002-03-07 at 21:08, Karl Trygve Kalleberg wrote:

> Would a "sandboxing"/"playpen"/"virtual machine" feature where you could
> put users into groups where users inside one group can see each other (w,
> ps, who, id..) but not outside the group be possible? I've noticed they
> have something akin to that on login.sf.net and that grsecurity tries to
> solve some of these problems.

I know grsecurity has some /proc restrictions, which are very nice.
Other than that, I'm not sure.

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org