Re: Question on live distros
IMHO for this project it is much easier to start with a mini live CD
and add software than to start with a full-featured Linux coming on a
DVD like Knoppix and reduce features. There are lots of possibilities
like DSL, miniknoppix (no longer developed?), http://www.toms.net/rb/ .
Have a closer look at http://www.ubuntu-mini-remix.org/ , this might
be exactly what you are looking for.
On Thu, Dec 25, 2014 at 4:56 PM, Howard Lee Harkness
> Thanks for the tips.
> The application is a client database, which is basically the heart of the
> business of my client, and he has legal and fiduciary obligations to protect
> it. Right now, I have him running that application on a dedicated Windoze
> machine with no WiFi and a bare RJ45 connector superglued in the ethernet
> socket, and warned him about connecting anything other than the dedicated
> backup flash drive to the USB. He's running XP, and I want to move the whole
> thing to Linux.
> What I want is the ability to safely run his client database application on
> any machine that will boot Linux from CD/DVD, and safely copy his
> (encrypted) backups using any machine. He doesn't need to worry about the
> NSA, just hackers/competitors. Reasonably strong encryption would be
> PGP is what I used last time I needed encryption, but that was several years
> I'll do a search for cypherpunk forums... Do you have a specific one you
> would recommend?
> On Thu, Dec 25, 2014 at 1:27 AM, Andrew <firstname.lastname@example.org> wrote:
>> Dear Howard,
>> Which distros are the most popular among cypherpunks?
>> I don't know if Knoppix is the best distro for your project, but it is my
>> personal favorite.
>> Actually, Knoppix is rather an application that accepts a passphrase on
>> startup and searches for a file encrypted with that passphrase (and mounts
>> the filesystem contained in that file, if the passphrase works). Many
>> things run simultaneously, though.
>> As for limiting recognition of devices, two approaches come to mind: (1)
>> Remove device drivers for all devices you don't want, for example, delete
>> all network device drivers from the filesystem before remastering. That
>> way, although the devices may be discovered, no suitable drivers will be
>> found. (2) Remove all unwanted device detection from Knoppix. I would
>> recommend doing both.
>> As for "taking over the system (nothing else can run)", Linux is a
>> multi-process operating system. One scheme comes to mind, but I don't
>> know if it would work. You could have one filesystem containing only your
>> application. While still in single-user mode, mount all other filesystems
>> "noexec", and while running a single process, change the process owner to
>> a non-privileged user. Have it execute (and replace itself with) your
>> application (running as the non-privileged user). The only program that
>> can be executed from that point on is your application.
>> It's rather a rough sketch, but it's something to look into.
>> I don't know what your application is, but, whatever it is, chances are
>> somebody else with more knowledge about effective implementation of
>> security has already given it some thought. If crypto is your thing, I
>> suggest looking into cypherpunk forums, etc.
>> Good luck,
>> On Wed, December 24, 2014 12:04, Howard Lee Harkness wrote:
>> > On Wed, Dec 24, 2014 at 10:30 AM, Martin Steigerwald
>> > <Martin@lichtvoll.de>
>> > wrote:
>> >> I'd install a Debian for that. I would use KNOPPIX as a live distro
>> >> and
>> >> nothing else.
>> > I was looking for a live distro to use for a project I have in mind. Is
>> > Knoppix the best distro to use for that?
>> > I would like to create a live bootable DVD that did not recognize any
>> > ports
>> > other than a USB port (for a data drive). I would like to write an
>> > application to be included on the DVD which comes up after boot, takes a
>> > password, and searches the USB drive for a file encrypted with that
>> > password. The application should take over the system (nothing else can
>> > run), and when it is closed, the machine should shut down.
>> > I'm in the initial phase of feasibility research on this, so any
>> > pointers,
>> > references, etc. would be greatly appreciated.
>> > --
>> > Howard Lee Harkness
>> > email@example.com
> Howard Lee Harkness
> Pro-Count, Inc.
> (214) 269-1171
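
The noexec-then-drop-privileges scheme sketched in Andrew's quoted message, as an added example that is not code from anyone in this thread: it refuses to start until every filesystem except the application's own is mounted noexec, then gives up root permanently and replaces itself with the application. The mount point /opt/app, the function names and the sample mount table are assumptions made up for illustration.

```python
import os
import pwd

def exec_capable_mounts(mounts_text, app_mount):
    """Return mount points other than app_mount that still permit exec."""
    offenders = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        # /proc/mounts writes a space inside a path as the escape \040
        mount_point = fields[1].replace("\\040", " ")
        options = fields[3].split(",")
        if mount_point != app_mount and "noexec" not in options:
            offenders.append(mount_point)
    return offenders

def launch(app_path, app_mount, username, mounts_text=None):
    """Audit the mount table, drop root for good, then become the application."""
    if mounts_text is None:
        with open("/proc/mounts") as f:
            mounts_text = f.read()
    offenders = exec_capable_mounts(mounts_text, app_mount)
    if offenders:
        raise RuntimeError("exec still allowed on: " + ", ".join(offenders))
    user = pwd.getpwnam(username)
    os.setgroups([])        # drop supplementary groups while still root
    os.setgid(user.pw_gid)  # group first: after setuid this call would fail
    os.setuid(user.pw_uid)  # as root this sets real, effective and saved UID
    try:
        os.setuid(0)        # must fail if the drop really was permanent
    except PermissionError:
        pass
    else:
        raise RuntimeError("privileges were not dropped")
    os.execv(app_path, [app_path])  # replaces this process; does not return

# Constructed sample in /proc/mounts format (not captured from a real system).
SAMPLE_MOUNTS = r"""proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/loop0 /opt/app squashfs ro,nodev 0 0
/dev/sdb1 /media/USB\040DATA vfat rw,nosuid,nodev,noexec 0 0
"""
```

noexec only blocks direct execution and executable mappings: an interpreter shipped on the application filesystem can still read and run a script stored on a noexec mount, so that filesystem should contain nothing but the application.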