Security through paranoia
Hello!
I have been a Debian user since its hamm release. One of the things that
has always worried me (and, I guess, a couple of other users) is the lack of
security hardening in the Debian distro. This email is to report an
idea I got some time ago. I have already posted this idea to
debian-user, but it doesn't appear in the archives. I don't know what
happened to my first post, so here it is, a little more elaborated:
I know... the Debian security team is one of the best things about
Debian. All you have to do to agree is read some security advisories
(like Bugtraq): the first distribution to always correct a recently
discovered exploit is Debian. Sometimes even before it becomes known.
Ok... but this is done, a little later, of course, by other distros,
like RH, TL, SuSE, and so on... I was thinking... Why isn't Debian in the
Security Linux Projects list at lwn.net? I know!!! That list includes Bastille
Linux, Immunix, Nexus, SLinux, NSA Security-Enhanced, and Trustix.
Alright... my idea is to create something that makes Debian enter
that list. But what?... It could be a port!!! Like Debian Hurd, or Debian m68k,
or Debian Alpha, and so on.... (We can call this Debian Paranoid ;-) )
But why an entire port? These are the reasons:
* everything must be recompiled under stackguard
(http://www.immunix.org/stackguard.html). This would prevent the famous
"stack smashing" attack.
* glibc must be patched with formatguard
(http://www.immunix.org/formatguard.html). This would prevent the
"format bugs", a bug in the printf function.
* libsafe (http://www.avayalabs.com/project/libsafe/index.html) must be
incorporated, in order to prevent several buffer overflow exploits.
* the kernel may be patched with the latest security patches, not only
from the official tree, but also the following:
* Openwall (http://www.openwall.com/linux/), which adds a new
Security section in kernel configuration. This is one of the
best-known patches around;
* HAP-linux (http://www.theaimsgroup.com/~hlein/hap-linux/),
which is a set of patches incremental to the first one.
* LIDS (http://www.lids.org), which is an Intrusion Detection
System patched into the kernel.
* Linux IP Personality patch (http://ippersonality.sourceforge.net/),
which makes remote OS querying very hard (I guess only kernel 2.4 is
supported).
* NSA Security-Enhanced patch (http://www.nsa.gov/selinux/), which
adds mandatory access controls to linux.
* Stealth Kernel Patch (http://www.energymech.net/madcamel/fm/),
(I guess this one is too early yet) which hides your machine from
the network.
* SysRq_X patch (http://pusa.uv.es/~ulisses/sysrq_X.tar.gz), which
adds the option to execute a program when the system crashes
(using Alt-SysRq-X)
* SubDomain kernel extension (http://www.immunix.org/subdomain.html),
which is a better implementation of the chroot jail concept.
* International Kernel Patch (http://www.kerneli.org), which permits
encrypted loopback filesystems
* every package that deals with the network must be configured by default with the
most paranoid options (e.g. Squid should have lots of header filters
turned on, etc.)
* PAM must come with MD5 hashing enabled by default.
* ....
Well, there are just tooooooo many things that, I guess, justify a new
port (although the first reason I gave is the strongest one). Of course, the first
target of this "port" would be Debian i386, but I don't see why other ports can't
join it.
This is my idea. I sent it to debian-user and to debian-devel.
**Please**, I'd like to hear your opinion (I mean opinion, not flames. Flames will
silently be redirected to /dev/null, as usual). Send them to me directly (or CC me
if you prefer), 'cause I am not subscribed to these lists.
TIA. Sorry for the looooooong email and my bad English, but I am from Brazil
(BTW, did it sound like English anyway?).
[]s
Pablo
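Editor's note: the first bullet of the proposal (recompile everything under StackGuard to stop "stack smashing") is the one the mail calls its strongest reason, so here is an added illustration of what a StackGuard-style canary actually catches. This is example code written for this page; it is not part of Pablo's mail and not StackGuard's own implementation. Assumptions: the "stack frame" is modelled as a struct (a fixed-size buffer followed by a canary word) so the result does not depend on any compiler's real stack layout; the canary is a fixed constant rather than the random value a real implementation would use; the input strings are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not from the mail and not StackGuard's code.
 * StackGuard puts a canary word between a function's local buffers and its
 * saved return address and aborts if the canary has changed by the time the
 * function returns. To make that observable deterministically, the frame is
 * modelled as a struct: a 16-byte buffer followed by a canary. Overrunning
 * the buffer lands on the canary, just as a real stack smash lands on the
 * saved frame pointer / return address.
 */

#define BUF_SIZE 16
#define CANARY_VALUE 0xDEADBEEFCAFEF00DULL   /* assumed constant; real canaries are random */

struct frame {
    char buf[BUF_SIZE];
    volatile uint64_t canary;   /* volatile: the check must reload it from memory */
};

/* Return codes shared by both copy routines. */
enum { COPY_OK = 0, COPY_SMASHED = -1, COPY_REJECTED = -2 };

/*
 * Unbounded copy: the classic strcpy()-style bug. The copy length comes from
 * the untrusted string, so anything longer than BUF_SIZE-1 characters runs
 * past buf. The canary comparison afterwards is what StackGuard's function
 * epilogue does before returning.
 */
static int copy_unchecked(struct frame *f, const char *src)
{
    f->canary = CANARY_VALUE;
    memcpy(f->buf, src, strlen(src) + 1);     /* no bound: may overwrite canary */
    return f->canary == CANARY_VALUE ? COPY_OK : COPY_SMASHED;
}

/*
 * Bounded copy: the fix the source should have had. Oversized input is
 * rejected outright rather than silently truncated, so the canary can never
 * be reached in the first place.
 */
static int copy_bounded(struct frame *f, const char *src)
{
    size_t n = strlen(src);
    f->canary = CANARY_VALUE;
    if (n >= BUF_SIZE)
        return COPY_REJECTED;                  /* leave room for the terminator */
    memcpy(f->buf, src, n + 1);
    return f->canary == CANARY_VALUE ? COPY_OK : COPY_SMASHED;
}

/* Wrappers that own their frame, so a caller only supplies the input string. */
int unchecked_copy_result(const char *src)
{
    struct frame f;
    return copy_unchecked(&f, src);
}

int bounded_copy_result(const char *src)
{
    struct frame f;
    return copy_bounded(&f, src);
}

int main(void)
{
    /* Constructed inputs: one that fits, and one of 20 bytes (plus terminator)
     * that overruns the 16-byte buffer but stays inside the 24-byte struct. */
    const char *fits = "hello";
    const char *overlong = "AAAAAAAAAAAAAAAAAAAA";

    printf("unchecked, fits:     %d\n", unchecked_copy_result(fits));      /* 0  */
    printf("unchecked, overlong: %d\n", unchecked_copy_result(overlong));  /* -1 */
    printf("bounded,   fits:     %d\n", bounded_copy_result(fits));        /* 0  */
    printf("bounded,   overlong: %d\n", bounded_copy_result(overlong));    /* -2 */
    return 0;
}
```

The point of the contrast: the canary only detects the smash after it has happened (StackGuard then aborts the process, turning a code-execution bug into a crash), while the bounded copy prevents it. A rebuilt "Debian Paranoid" would get the first protection for free on every package; the second still has to be fixed in each program.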