Dear Howard,
Which distros are the most popular among cypherpunks?
I don't know if Knoppix is the best distro for your project, but it is my
personal favorite.
Actually, Knoppix is rather an application that accepts a passphrase on
startup and searches for a file encrypted with that passphrase (and mounts
the filesystem contained in that file, if the passphrase works). Many
things run simultaneously, though.
As for limiting recognition of devices, two approaches come to mind: (1)
Remove device drivers for all devices you don't want, for example, delete
all network device drivers from the filesystem before remastering. That
way, although the devices may be discovered, no suitable drivers will be
found. (2) remove all unwanted device detection from Knoppix. I would
recommend doing both.
As for "taking over the system (nothing else can run)", linux is a
multi-process operating system. One scheme comes to mind, but I don't
know if it would work. You could have one filesystem containing only your
application. While still in single-user mode, mount all other filesystems
"noexec", and while running a single process, change the process owner to
a non-privileged user. Have it execute (and replace itself with) your
application (running as the non-privileged user). The only program that
can be executed from that point on is your application.
It's rather a rough sketch, but it's something to look into.
I don't know what your application is, but, whatever it is, chances are
somebody else with more knowledge about effective implementation of
security has already given it some thought. If crypto is your thing, I
suggest looking into cypherpunk forums, etc.
Good luck,
Andrew
On Wed, December 24, 2014 12:04, Howard Lee Harkness wrote:
> On Wed, Dec 24, 2014 at 10:30 AM, Martin Steigerwald <Martin@lichtvoll.de>
> wrote:
>
>> I´d install a Debian for that. I would use KNOPPIX as a live distro and
-->> nothing else.
>>
>
> I was looking for a live distro to use for a project I have in mind. Is
> Knoppix the best distro to use for that?
>
> I would like to create a live bootable DVD that did not recognize any
> ports
> other than a USB port (for a data drive). I would like to write an
> application to be included on the DVD which comes up after boot, takes a
> password, and searches the USB drive for a file encrypted with that
> password. The application should take over the system (nothing else can
> run), and when it is closed, the machine should shut down.
>
> I'm in the initial phase of feasibility research on this, so any pointers,
> references, etc. would be greatly appreciated.
> --
> Howard Lee Harkness
> howard.lee.harkness@gmail.com
>
To UNSUBSCRIBE, email to debian-knoppix-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] 9106a555daf5f0a17a2a5babd5ca9269.squirrel@webmail.dreamhost.com" target="_blank">https://lists.debian.org/[🔎] 9106a555daf5f0a17a2a5babd5ca9269.squirrel@webmail.dreamhost.com