Re: Security through paranoia
On Fri, Mar 30, 2001 at 05:46:42PM -0300, DrPablo@mail.com wrote:
> * everything must be recompiled under stackguard
> (http://www.immunix.org/stackguard.html). This would prevent the famous
> "stack smashing" attack.
Shirley not everything!
> * glibc must be patched with formatguard
> (http://www.immunix.org/formatguard.html). This would prevent the
> "format bugs", a bug in the printf function.
> * libsafe (http://www.avayalabs.com/project/libsafe/index.html) must be
> incorporated, in order to prevent several buffer overflow exploits.
See above. This can be done on a per-package basis.
> * the kernel may be patched with the latest security patches, not only
> from the official tree, but also the followings:
> * Openwall (http://www.openwall.com/linux/), which adds a new
> Security section in kernel configuration. This is one of the
> most known patches around;
> * HAP-linux (http://www.theaimsgroup.com/~hlein/hap-linux/),
> which is a set of patches incremental to the first one.
> * LIDS (http://www.lids.org), which is an Intrusion Detection
> System patched into the kernel.
> * Linux IP Personality patch (http://ippersonality.sourceforge.net/),
> which makes remote OS query very hard (I guess only kernel 2.4 is
> * NSA Security-Enhanced patch (http://www.nsa.gov/selinux/), which
> adds mandatory access controls to linux.
> * Stealth Kernel Patch (http://www.energymech.net/madcamel/fm/),
> (I guess this one is too early yet) which hides your machine from
> the network.
> * SysRq_X patch (http://pusa.uv.es/~ulisses/sysrq_X.tar.gz), which
> adds the option to execute a program when system crashes
> (using Alt-SysRq-X)
> * SubDomain kernel extension (http://www.immunix.org/subdomain.html),
> which is a better implementation of the chroot jail concept.
> * International Kernel Patch (http://www.kerneli.org), which permits
> loopback encryption filesystems
... and call the result "Debian Enterprise Kernel", aka D(r)EK.
Are these patches compatible with each other? What if I want only some of
those patches (eg. I'm a German govt. employee & I'm not allowed to run any
code that's been touched by NSA)? Or do you propose to have 9! kernel
> * every package that deals with network must be configured by default to the
> most paranoid options (e.g. Squid should have lots of headers filters
> turned on, etc)
This is fair enough, except that this must _not_ be the default, for obvious
reasons. "Paranoid" install/config option is OK. This should be done in the package's
*inst script, anyway, no reason to create another distro.
> * PAM must come with md5 hash enabled by default.
No. Think heterogeneous networks.
E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
Well, lusers are technically human. -- Red Drag Diva in ASR
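The "PAM must come with md5 hash enabled by default" / "Think heterogeneous networks" exchange is about a concrete failure mode: once password hashes are stored in the `$1$` MD5 form, any host on the network whose crypt() only understands the traditional 13-character DES form can no longer verify them. The script below is an added example, not code from the thread, that audits shadow-style records for exactly that problem. It goes beyond the thread by also recognising the later `$5$`, `$6$` and bcrypt prefixes. The sample records, the hash bodies and the per-host capability table are all constructed for the demonstration; the function names are my own.

```python
"""Classify crypt(3) password hashes in shadow-style records and report which
hosts in a mixed network cannot verify them.

Added example for the PAM/MD5 discussion above; not code from the original
thread. All sample data below is constructed (the hash bodies are placeholder
strings, not real hashes).
"""

# '$id$' prefixes used by crypt(3) implementations (glibc, OpenBSD, ...).
_PREFIXES = {
    "$1$": "md5",
    "$2a$": "bcrypt",
    "$2b$": "bcrypt",
    "$2y$": "bcrypt",
    "$5$": "sha256",
    "$6$": "sha512",
}


def hash_scheme(field: str) -> str:
    """Return the hashing scheme of a shadow password field.

    'locked' for accounts with no usable password ('', '*', or anything
    starting with '!'), 'des' for the traditional 13-character salt+hash,
    otherwise the scheme named by the '$id$' prefix; anything else is 'unknown'.
    """
    if field in ("", "*") or field.startswith("!"):
        return "locked"
    for prefix, name in _PREFIXES.items():
        if field.startswith(prefix):
            return name
    if len(field) == 13 and "$" not in field:
        return "des"
    return "unknown"


def parse_shadow(text: str) -> dict:
    """Map username -> password field for shadow-formatted lines."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        accounts[fields[0]] = fields[1]
    return accounts


def incompatible_accounts(accounts: dict, host_support: dict) -> dict:
    """For each host, list the accounts whose hash scheme it cannot verify.

    host_support maps host name -> set of scheme names its crypt() knows.
    Locked accounts are skipped: they cannot log in anywhere anyway.
    """
    report = {}
    for host, schemes in host_support.items():
        bad = sorted(
            user for user, field in accounts.items()
            if hash_scheme(field) != "locked" and hash_scheme(field) not in schemes
        )
        if bad:
            report[host] = bad
    return report


# Constructed sample shadow records (placeholder salts and hash bodies).
SAMPLE_SHADOW = """\
root:$1$saltsalt$abcdefghijklmnopqrstuv:11400:0:99999:7:::
alice:ABxyzSALTxyzT:11400:0:99999:7:::
bob:$6$saltsalt$longhashbody:11400:0:99999:7:::
svc:!:11400:0:99999:7:::
"""

# Constructed capability table: an old NIS client whose crypt() only knows DES,
# next to a current glibc host.
HOSTS = {
    "legacy-nis-client": {"des"},
    "modern-glibc-host": {"des", "md5", "sha256", "sha512"},
}

if __name__ == "__main__":
    accounts = parse_shadow(SAMPLE_SHADOW)
    for user, field in accounts.items():
        print(f"{user}: {hash_scheme(field)}")
    print(incompatible_accounts(accounts, HOSTS))
```

Run against a real shadow file and a capability table filled in from each host's libc, the report shows which accounts will start failing on which machines before the default is flipped; the only safe order is to upgrade every verifier first and only then let new hashes use the stronger scheme.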