
Re: How Debian Linux could be made more secure



On Tue, Apr 28, 1998 at 04:50:45PM +0200, Thomas Roessler wrote:
> Further, the policy should require maintainers to tag bug reports about
> programs running suid root "critical". 

From http://www.debian.org/Bugs/Developer.html#severities
:critical 
:     makes unrelated software on the system (or the whole system)
:     break, or causes serious data loss, or introduces a security hole
:     on systems where you install the package.

Proper assignment of Severity: is IMHO a part of a maintainer's task
already; I don't think this needs to be spelled out in the policy.

> (You may also consider to add an option to the bug program which tags a
> bug report as a security problem, and thus "critical".

In that case, I hope "bug" will explain the meaning of the Severity level
chosen and ask for confirmation.

> - While installing packages, dpkg-deb(8) should consult the clearance list
>   and warn the user about certain programs not being in the clearance list.

dpkg-deb is an archive packager like ar(1) or tar(1). The proper place for
this, if you want it integrated in the package management tools, would be
dpkg IMO.

> As an additional level of "certification", packages may be tagged
> "insecure", depending on previous experience or the level of review (e.g.,
> the BSD lpr, xbase, and sendmail packages may be tagged "insecure", while
> qmail is tagged "secure").  The installation procedure could then ask the
> user for the system's security level and warn him if he tries to install a
> package with a non-appropriate certification.

I object to these labels. Auditing source is a good idea, but even thorough
audits are IMO not strong enough a method to base a label "secure" on
("tested", "audited", "previously audited" or whatever are OK by me).
Perhaps it would be better to differentiate between several sources people
can use to base their trust on (like PGP's feature of calculating trust on
the basis of a personal parameter of trust per signatory).

Ray
-- 
Furthermore, I am of the opinion that the Netherlands should be roofed over.

