From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1L5Ijx-0004dQ-In for garchives@archives.gentoo.org; Wed, 26 Nov 2008 11:39:29 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 82D61E04E5; Wed, 26 Nov 2008 11:39:27 +0000 (UTC) Received: from ey-out-1920.google.com (ey-out-1920.google.com [74.125.78.146]) by pigeon.gentoo.org (Postfix) with ESMTP id 2A700E04E5 for ; Wed, 26 Nov 2008 11:39:27 +0000 (UTC) Received: by ey-out-1920.google.com with SMTP id 4so168565eyk.10 for ; Wed, 26 Nov 2008 03:39:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :user-agent:references:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:message-id; bh=vRKbT5dHjPWMH0jer82ZwNnwJAPppVeouqgvqc8F5Qk=; b=tmNX2LKsaTfb8miCTAUeN88xFNHWY7RG4b0kCDjllQ4PHANaj/VlNq8EiHswKiRNOc J68aXJzv39o7sNv13/AsI+nJhWtj/QQEdTV7BFWUxU3xCR25Aub6e/28BfcEk3/iftad lvIz/Z6szYsgUXovPhpdiPqs29wQDbVtjFrkc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:references:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :message-id; b=bnHsdbl2Jkl+jG4kVY2XrEMq3cQx+2K+3uCAd3NGowGQWmQUDCWWJLwtS3+p5CgBXN ZNpSSUxo+VTYaR1bIzY60OZq30CQDHIi8hHp0xDSXuETnEo5sxI7EhSx8hZaDvbYRuXv kEXRfUyJuPvxnRd99KXFOG3YOABWAUeiT3ALE= Received: by 10.210.67.4 with SMTP id p4mr5869820eba.167.1227699566610; Wed, 26 Nov 2008 03:39:26 -0800 (PST) Received: from ?192.168.7.111? ([62.63.130.154]) by mx.google.com with ESMTPS id y34sm64333iky.13.2008.11.26.03.39.24 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 26 Nov 2008 03:39:25 -0800 (PST) From: Jan Klod To: gentoo-hardened@lists.gentoo.org Subject: Re: [gentoo-hardened] hardened workstation - is that worth it? Date: Wed, 26 Nov 2008 11:39:22 +0000 User-Agent: KMail/1.9.9 References: <200811251700.45540.janklodvan@gmail.com> <200811252158.06957.janklodvan@gmail.com> <4255c2570811251414p5e437865me4149d45a9f961f4@mail.gmail.com> In-Reply-To: <4255c2570811251414p5e437865me4149d45a9f961f4@mail.gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200811261139.23037.janklodvan@gmail.com> X-Archives-Salt: 240a4b15-9963-4872-b311-20df728c82d9 X-Archives-Hash: 88bab0c8d290a11c72aa306dc39e29a5 On Tuesday 25 November 2008 22:14:47 RB wrote: > On Tue, Nov 25, 2008 at 14:58, Jan Klod wrote: > > Actually, that sound like there is practically no way to keep networked > > workstation really secure. > > That's kind of outside the realm of this discussion. The difference > between the attack surface of a network interface versus that of a > local application is several orders of magnitude. Gives nothing, if all ways outside (network, no plaintext filesystems!) are closed and sessions are secure (locked, if not legitimately operated in AND enough bug-free). Yes, but who is going to work on disconnected system? Adding some kind of proxy with firewall opens up a possibility of malicious transfer to some trusted outside service, which can theoretically be compromised by then. Also I didn't count some wild tricks with operating hardware... But that doesn't count, as RAM can be partially read by coldboot att. > > As a conclusion of what I have read this far I can state: hardened OS is > > useless for non-server. Would that be too much? Well, I think, in a > > "black and white" no. (later is a discussion of what is better: to have 3 > > holes or 300) > > The problem, as I see it, is that you haven't defined your problem > scope. My problem is stupidly simple: I just want a safe (well, as safe as possible) way to exchange my mails. If I leave my physical hardware to be "as safe as possible", outside channel to mailserver remains (and can then once become a tunnel for other information). > Taking "extra precautions" is nice, but unless you [even > broadly] classify what you consider a viable threat, you're not going > to gain much ground. My advice would be to sit back and try to define > what you're defending against. Anything, that would allow to leak information through network or wipe local files, which is not an exact list of things, of course. I would appreciate, if someone throws in a link(s) to where people show / discuss ways it could be done, even if Linux user is careful (but not "paranoid") about how he uses the system. > There are measures you can take, but > blindly applying security policies is more likely to end up with a > broken system than a secure one. Sure.