
Re: exec-shield (maybe ITP kernel-patch-exec-shield)



Hi!

> I am astounded at so much stupidity. The home page of your project
> states that Adamantix is "A distribution mostly based on Debian woody,
> but with some packages from testing and unstable".

These are the kind of statements I would not tolerate on the Adamantix mailing
lists. I think the old saying applies here: It takes one to know one.

> You should try a reality check from time to time. If one of the projects
> among Debian and Adamantix is indebted to the other one, it is quite
> clearly Adamantix to Debian and not the other way round at the moment.

There is no ``in debt''. It is free software. Anyone can take it and use it as
(s)he wishes. Freedom, remember? There are so many users who use packages from
Debian without ever letting hear anything. But when you are a developer, you
are somehow obliged to help everyone out, even if it would hurt your own
project. That obligation only exists in your mind Mr.

> For me, it makes no doubt that you are far too dumb to assemble an
> operating system that is as secure as advertised on the Adamantix home
> page: it is clear that you are unable to audit all the code you
> incorporated from Debian packages, including upstream code (be it skills
> or time, most probably both).

That is indeed a problem for all Linux distributions, including Adamantix. I
think it is a problem for OpenBSD too. I wonder what the Debian project is
doing about it, and how it manages to audit 13000+ packages. Maybe that is
something to work at together. It is certainly on my list.

> So, if a package you incorporated is
> compromised, you are likely to be rooted.

That is true. That is why Adamantix is going to use RSBAC in all of its
kernels. RSBAC makes it possible to defend against root account compromises.
Some people believe you can get perfect protection by using mandatory access
control. I think these people will be disappointed when their systems are
hacked anyway. But it is certainly a very useful measure when set up correctly,
it can make PaX more effective (i.e. PaX can provide guaranteed protection
against ALL arbitrary code introduction and execution).

> And for this to happen, it is
> sufficient that a developer's machine be compromised.

Right, we have seen an example where that happened, haven't we? The development
of Adamantix has been rather slow until now, because I saw things like this
happening. Some of the things that have been worked at are surprisingly similar
to the things you can find on Wiggert Akkermans' web page. And no, I cannot
and will not guarantee that things like that will not happen to Adamantix in
the future. There is no perfect security, the only thing you can try to do is
to raise the bar and hope no one is able to jump higher than that.

> By not trying to
> improve the security of most Debian installations (which you are doing
> by refusing to cooperate to get PaX into Debian), you are doing nothing
> to lower the probability of a developer's machine being compromised.

You have a few facts wrong here. I am not refusing anything here. In the past
I have contacted various people in or related to Debian about collaboration.
I don't remember who, but one of them was Bruce Perens, who wrote an e-mail
saying that he wanted Adamantix and Knoppix to work more closely to Debian. I
never got an answer. Neither did I get answers from the other people.

Anyways, I think you forget a few things here. Since Adamantix is using Debian
packages, a backdoored Adamantix package means that the original Debian package
is also backdoored. And sure, these things are going to happen, I am quite sure
of that. But if there is a problem, it is bigger for Debian. Because you only
have the barebone Linux ``security'' and nothing else.

In fact, I think you just summed up the list of most serious problems that
Debian is facing right now. I wonder what you are going to do about it.

I would like to help out with this, but I am too busy doing RSBAC development
right now and other stuff related to Adamantix. A day only has 24 hours and
there is nothing I can do about that. But I have always been willing to assist
people with this. After all, I like to think that a thing or two have been
learned during the development of Adamantix. The least I could do is share it.
That is what happens with Gentoo hardened. I don't see why it could not work
with Debian, unless you decide that it is not worth it. Your choice, I don't
care.

> Yes, you are trying to get rooted, you and all Adamantix users. That is
> stupid.

Right, that is why I keep telling people that they should not blindly trust the
security of their systems.

> A last one, just for fun:
> 
>   "The Adamantix project aims to create the most secure but usable Linux
>    platform on this planet" -- http://www.adamantix.org/

Thank you for pointing that out. That is indeed the aim. Also note that it
means that this goal has not been reached yet. If you want, I can list a number
of potential problems in Adamantix. I am not marketing a product, and I don't
have a status quo to defend, so I can be honest about it. And yet I honestly
think that with the little work that has been done so far, Adamantix still
provides better security than Debian. You are vulnerable to an unknown local
root exploit. Adamantix users have at least a chance of getting away without
being compromised. That is why I think it would be a good start for Debian with
getting PaX in the kernel.

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking high-security Linux out of the labs, and into the real world
http://www.adamantix.org/


