Hi, I've started a few time ago (as many of you could know) the Debian Hardened project , as an approach to Debian's mainline security. Currently, the project is in a mature state of development with many things already done and also a lot of testing of the work. I've ported to Debian Sarge's GCC (3.3.4-6) the PIE stuff (got from LFS archives) and also updated the SSP to the latest version. These GCC packages can be found at http://sourceforge.net/projects/debianhardened until i get an available machine for host an apt repository (at the moment, the installation of the packages by downloading each-one from SF.net is an ass-pain). Talking about the GLIBC...i've ported the Hardened Gentoo's SSP implementation, made by pappy (Alexander Gabbert) and i've also worked out on libssp (i need some help on testing this) for make the stuff independant of GCC (my gcc packages are patched with SSP, so, every compiled binary will have the __guard symbols, getting more big binaries), also Peter Busser from Adamantix has done a great job on this, but the code it's not yet available. I have hardened also the binutils, and some of ./net packages: - rinetd (some work for make it able to be chroot'ed as unprivileged user) - openssh (i'm working on the patches that bring SecurID Token use features, and others from independent hackers) - wu-ftpd , just added the stuff from WU-FTPD guys. About the kernels...the work is in production state, i've currently tested them on some machines , 2 of them are shared environments (software-libre.org & ourproject.org) with user chroots, etc. I've also did the DHKP, but i'm going to remix it and use instead of the current patches (OW and others) the PaX + RSBAC + SELinux mix. No reasons to leave grsecurity, just improving *different* solutions, in my opinion with wide support and testing. All of this has been done for Sarge (except the kernels... i need a decent machine to re-compile them, is anybody interested in giving me access to a machine, maybe inside a compile farm?) I've done a wiki with some information on the project development organization, i need contributors, developers, anybody which is interested in contributing the Debian project. http://www.debian-hardened.org/wiki JFS, tell me if you are interested in it...you're spanish and that should make easier the communication, and , due to your high valuable work on Debian , i can mind about making you the co-manager of the project and also i'm interested in working together with the Security Response team. I will send these "status" messages for maintain informed the people of debian-security on my efforts in Debian Hardened, if there's anything to ask me, please give me a line at my email address or sent any inquiry to debianhardened-hackers@lists.sourceforge.net, thanks. Cheers, -- Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> Debian Hardened project leader - http://www.debian-hardened.org
Attachment:
signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente