On Sun, Dec 11, 2011 at 3:30 PM, Kevin Chadwick wrote:

> On Sun, 11 Dec 2011 10:18:51 +0000
> Sven Vermeulen wrote:
>
> > Also consider hardening your system settings-wise. I would appreciate if you
> > take a look at
> > http://dev.gentoo.org/~swift/docs/previews/oval/gentoo-xccdf-guide.html.
> > With the instructions given, you can even have your system validated (as far
> > as possible) automatically.
>
> I was expecting to find here what one distro uses which is binary
> signature checking upon execution.
>
> Another thing that I try to do as a better method of TPE which is a
> breeze on OpenBSD and sometimes I find myself working against Linux
> developers¹ is to make it so that any writeable area of the filesystem
> is mounted noexec and mounts have the least privileges required.
>

If you don't mind my asking, what is it that OpenBSD does differently than the Linux distros that makes it so much easier? Do they actually follow the security practices you mentioned in the bug report?

> ¹ "https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/880965"
> set as won't fix and also e.g. apt-get expecting /tmp exec.
>

Thanks,
Matt

--
Matthew Finkel
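
The mount policy quoted above (every writable area mounted noexec, each mount with the fewest privileges it needs) can be checked against a Linux mount table. The following is an added example, not part of the original thread: it parses text in `/proc/mounts` format and reports writable mounts that lack `noexec`; the sample table is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in /proc/mounts format (not taken from any real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /media/usb\\040stick vfat rw,nosuid,nodev,relatime,uid=1000 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
"""

# Options that restrict what a mount can be used for.
HARDENING = ("noexec", "nosuid", "nodev")


def unescape(field):
    # The kernel writes space, tab, newline and backslash as 3-digit octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Yield (mountpoint, fstype, option-name set) for each mount table line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        _device, mountpoint, fstype, opts = parts[:4]
        yield unescape(mountpoint), fstype, {o.split("=")[0] for o in opts.split(",")}


def writable_exec_mounts(text):
    """Return {mountpoint: [missing hardening options]} for rw mounts without noexec."""
    findings = {}
    for mountpoint, _fstype, opts in parse_mounts(text):
        if "rw" in opts and "noexec" not in opts:
            findings[mountpoint] = [o for o in HARDENING if o not in opts]
    return findings


if __name__ == "__main__":
    # Swap SAMPLE_MOUNTS for open("/proc/mounts").read() to check a live Linux host.
    for mp, missing in sorted(writable_exec_mounts(SAMPLE_MOUNTS).items()):
        print(f"{mp}: writable, missing {','.join(missing)}")
```
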