Hi Russell, El dom, 26-09-2004 a las 14:02, Russell Coker escribió: > On Sun, 26 Sep 2004 07:22, Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> > wrote: > > - openssh (i'm working on the patches that bring SecurID Token use > > features, and others from independent hackers) > > Most of the features you list are things that are difficult to get into > Debian/main. Not too really difficult, it depends on how it gets developed: http://www.debian-hardened.org/wiki/index.php/CVS_Development_Organization SSP and PIE don't affect the binaries performance (not seriously), and arbitrary patches get tested before using them. It goes under the lead210 pool before it goes to system-dh. > But token based security for openssh is something that seems > like it could go in without too much pain. Have you talked to Matthew Vernon > about this? Not yet, i would do it.Anyway, the patches are not mine, i'm just porting them to the Debian packages (converting and implementing them as dpatches). > > About the kernels...the work is in production state, i've currently > > tested them on some machines , 2 of them are shared environments > > (software-libre.org & ourproject.org) with user chroots, etc. > > I've also did the DHKP, but i'm going to remix it and use instead of the > > current patches (OW and others) the PaX + RSBAC + SELinux mix. > > You have RSBAC and SE Linux in the same kernel? What's the point? I haven't done that work, we are just starting to decided what's the painless solution. Cheers, -- Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
Attachment:
signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente