Security through paranoia
I'm a Debian user since its hamm release. Some of the things that
always woried me (and I guess, a couple of other users) is the lack of
security hardening in the Debian distro. This email is to report some
idea I've got sometime ago. I have already posted this idea to
debian-user, but it doesn't appear in the archives. I don't know what
happened to my first post, so, here it is, but a little more elaborated:
I know... the Debian security team is one of the best things about
Debian. All you have to do to agree is read some security advisories
(like Bugtraq): The first distribution to always correct a recently
discovered exploit is Debian. Sometimes even before it become known.
Ok... but this is done, a little later, of course, by other distros,
like RH, TL, SuSE, ans so on... I was thinking... Why isn't Debian in the
Security Linux Projects list at lwn.net? I know!!! That list includes Bastille
Linux, Immunix, Nexus, SLinux, NSA Security-Enhanced, and Trustix.
Alright... my idea is to create something that makes Debian enters
that list. But what?... It could be a port!!! Like Debian Hurd, or Debian m68k,
or Debian Alpha, and so on.... (We can call this Debian Paranoid ;-) )
But why an entire port? These are the reasons:
* everything must be recompiled under stackguard
(http://www.immunix.org/stackguard.html). This would prevent the famous
"stack smashing" attack.
* glibc must be patched with formatguard
(http://www.immunix.org/formatguard.html). This would prevent the
"format bugs", a bug in the printf function.
* libsafe (http://www.avayalabs.com/project/libsafe/index.html) must be
incorporated, in order to prevent several buffer overflow exploits.
* the kernel may be patched with the latest security patches, not only
from the official tree, but also the followings:
* Openwall (http://www.openwall.com/linux/), which adds a new
Security section in kernel configuration. This is one of the
most known patches around;
* HAP-linux (http://www.theaimsgroup.com/~hlein/hap-linux/),
which is a set of patches incremental to the first one.
* LIDS (http://www.lids.org), which is a Intrusion Detection
System patched into the kernel.
* Linux IP Personality patch (http://ippersonality.sourceforge.net/),
which makes remote SO query very hard (I guess only kernel 2.4 is
* NSA Security-Enhanced patch (http://www.nsa.gov/selinux/), which
adds mandatory access controls to linux.
* Stealth Kernel Patch (http://www.energymech.net/madcamel/fm/),
(I guess this one is too early yet) which hides your machine from
* SysRq_X patch (http://pusa.uv.es/~ulisses/sysrq_X.tar.gz), which
adds the option to execute a program when system crashes
* SubDomain kernel extension (http://www.immunix.org/subdomain.html),
which is a better implementation of the chroot jail concept.
* International Kernel Patch (http://www.kerneli.org), which permits
loopback encryption filesystems
* every package that deals with network must be defaultly configured to the
most paranoid options (e.g. Squid should have lots of headers filters
turned on, etc)
* PAM must come with md5 hash enabled by default.
Well, there are just tooooooo many things that, I guess, justify a new
port (although the first reason I gave is the strongest one). Of course, the first
target of this "port" would be Debian i386, but, I don't see why other ports can't
This is my idea. I sent it to debian-user and to debian-devel.
**Please**, I'd like to hear your opinion (I mean opinion, not flames. Flames will
silently be redirected to /dev/null, as usual). Send them to me directly (or CC me
if you prefer), 'cause I am not a signed member of these lists.
TIA. Sorry the looooooong email, and my bad english, but I am from Brazil
(BTW, did it sound english anyway?).