[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Question on live distros

Thanks for the tips.

The application is a client database, which is basically the heart of the business of my client, and he has legal and fiduciary obligations to protect it. Right now, I have him running that application on a dedicated Windoze machine with no WiFi and a bare RJ45 connector superglued in the ethernet socket, and warned him about connecting anything other than the dedicated backup flash drive to the USB. He's running XP, and I want to move the whole thing to Linux.

What I want is the ability to safely run his client database application on any machine that will boot Linux from CD/DVD, and safely copy his (encrypted) backups using any machine. He doesn't need to worry about the NSA, just hackers/competitors. Reasonably strong encryption would be sufficient.

PGP is what I used last time I needed encryption, but that was several years ago.

I'll do a search for cypherpunk forums... Do you have a specific one you would recommend?

On Thu, Dec 25, 2014 at 1:27 AM, Andrew <knoppix@rngresearch.com> wrote:
Dear Howard,

Which distros are the most popular among cypherpunks?

I don't know if Knoppix is the best distro for your project, but it is my
personal favorite.

Actually, Knoppix is rather an application that accepts a passphrase on
startup and searches for a file encrypted with that passphrase (and mounts
the filesystem contained in that file, if the passphrase works).  Many
things run simultaneously, though.

As for limiting recognition of devices, two approaches come to mind:  (1)
Remove device drivers for all devices you don't want, for example, delete
all network device drivers from the filesystem before remastering.  That
way, although the devices may be discovered, no suitable drivers will be
found.  (2) remove all unwanted device detection from Knoppix.  I would
recommend doing both.

As for "taking over the system (nothing else can run)", linux is a
multi-process operating system.  One scheme comes to mind, but I don't
know if it would work.  You could have one filesystem containing only your
application.  While still in single-user mode, mount all other filesystems
"noexec", and while running a single process, change the process owner to
a non-privileged user.  Have it execute (and replace itself with) your
application (running as the non-privileged user).  The only program that
can be executed from that point on is your application.

It's rather a rough sketch, but it's something to look into.

I don't know what your application is, but, whatever it is, chances are
somebody else with more knowledge about effective implementation of
security has already given it some thought.  If crypto is your thing, I
suggest looking into cypherpunk forums, etc.

Good luck,

On Wed, December 24, 2014 12:04, Howard Lee Harkness wrote:
> On Wed, Dec 24, 2014 at 10:30 AM, Martin Steigerwald <Martin@lichtvoll.de>
> wrote:
>> I´d install a Debian for that. I would use KNOPPIX as a live distro and
>> nothing else.
> I was looking for a live distro to use for a project I have in mind. Is
> Knoppix the best distro to use for that?
> I would like to create a live bootable DVD that did not recognize any
> ports
> other than a USB port (for a data drive). I would like to write an
> application to be included on the DVD which comes up after boot, takes a
> password, and searches the USB drive for a file encrypted with that
> password. The application should take over the system (nothing else can
> run), and when it is closed, the machine should shut down.
> I'm in the initial phase of feasibility research on this, so any pointers,
> references, etc. would be greatly appreciated.
> --
> Howard Lee Harkness
> howard.lee.harkness@gmail.com

To UNSUBSCRIBE, email to debian-knoppix-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] 9106a555daf5f0a17a2a5babd5ca9269.squirrel@webmail.dreamhost.com" target="_blank">https://lists.debian.org/[🔎] 9106a555daf5f0a17a2a5babd5ca9269.squirrel@webmail.dreamhost.com

Howard Lee Harkness
Pro-Count, Inc.
(214) 269-1171

Reply to: