Re: Question on live distros

To: debian-knoppix@lists.debian.org
Subject: Re: Question on live distros
From: Dieter Wirz <didi.wirz@gmail.com>
Date: Fri, 26 Dec 2014 13:26:59 +0100
Message-id: <[🔎] CAK4vXruCN0PkRf5Cv_FDsesf0v4K5Jni-iRrwTNmnyYkYT0O1g@mail.gmail.com>
In-reply-to: <[🔎] CAMVghhWJKt5YC7nY=wNLGOST0Mn7AZCHs-xC3X=LAiq+95DNUw@mail.gmail.com>
References: <[🔎] CAMVghhVU5OpAO87OCt8a5p0aB15689naN5oZ3SNzeQCmrP5BVA@mail.gmail.com> <[🔎] 9106a555daf5f0a17a2a5babd5ca9269.squirrel@webmail.dreamhost.com> <[🔎] CAMVghhWJKt5YC7nY=wNLGOST0Mn7AZCHs-xC3X=LAiq+95DNUw@mail.gmail.com>

IHMO for this project it is much easier to start with a mini live cd
and add software than to start with a full featured Linux coming on a
DVD like Knoppix and reduce features, there are lots of possibilities
like DSL, miniknoppix (No more developped?), http://www.toms.net/rb/ ,
....

Have a closer look at http://www.ubuntu-mini-remix.org/ , this might
be exactli what you are looking for.

On Thu, Dec 25, 2014 at 4:56 PM, Howard Lee Harkness
<harkness@procountinc.com> wrote:
> Thanks for the tips.
>
> The application is a client database, which is basically the heart of the
> business of my client, and he has legal and fiduciary obligations to protect
> it. Right now, I have him running that application on a dedicated Windoze
> machine with no WiFi and a bare RJ45 connector superglued in the ethernet
> socket, and warned him about connecting anything other than the dedicated
> backup flash drive to the USB. He's running XP, and I want to move the whole
> thing to Linux.
>
> What I want is the ability to safely run his client database application on
> any machine that will boot Linux from CD/DVD, and safely copy his
> (encrypted) backups using any machine. He doesn't need to worry about the
> NSA, just hackers/competitors. Reasonably strong encryption would be
> sufficient.
>
> PGP is what I used last time I needed encryption, but that was several years
> ago.
>
> I'll do a search for cypherpunk forums... Do you have a specific one you
> would recommend?
>
> On Thu, Dec 25, 2014 at 1:27 AM, Andrew <knoppix@rngresearch.com> wrote:
>>
>> Dear Howard,
>>
>> Which distros are the most popular among cypherpunks?
>>
>> I don't know if Knoppix is the best distro for your project, but it is my
>> personal favorite.
>>
>> Actually, Knoppix is rather an application that accepts a passphrase on
>> startup and searches for a file encrypted with that passphrase (and mounts
>> the filesystem contained in that file, if the passphrase works).  Many
>> things run simultaneously, though.
>>
>> As for limiting recognition of devices, two approaches come to mind:  (1)
>> Remove device drivers for all devices you don't want, for example, delete
>> all network device drivers from the filesystem before remastering.  That
>> way, although the devices may be discovered, no suitable drivers will be
>> found.  (2) remove all unwanted device detection from Knoppix.  I would
>> recommend doing both.
>>
>> As for "taking over the system (nothing else can run)", linux is a
>> multi-process operating system.  One scheme comes to mind, but I don't
>> know if it would work.  You could have one filesystem containing only your
>> application.  While still in single-user mode, mount all other filesystems
>> "noexec", and while running a single process, change the process owner to
>> a non-privileged user.  Have it execute (and replace itself with) your
>> application (running as the non-privileged user).  The only program that
>> can be executed from that point on is your application.
>>
>> It's rather a rough sketch, but it's something to look into.
>>
>> I don't know what your application is, but, whatever it is, chances are
>> somebody else with more knowledge about effective implementation of
>> security has already given it some thought.  If crypto is your thing, I
>> suggest looking into cypherpunk forums, etc.
>>
>> Good luck,
>> Andrew
>>
>>
>> On Wed, December 24, 2014 12:04, Howard Lee Harkness wrote:
>> > On Wed, Dec 24, 2014 at 10:30 AM, Martin Steigerwald
>> > <Martin@lichtvoll.de>
>> > wrote:
>> >
>> >> IÂ´d install a Debian for that. I would use KNOPPIX as a live distro
>> >> and
>> >> nothing else.
>> >>
>> >
>> > I was looking for a live distro to use for a project I have in mind. Is
>> > Knoppix the best distro to use for that?
>> >
>> > I would like to create a live bootable DVD that did not recognize any
>> > ports
>> > other than a USB port (for a data drive). I would like to write an
>> > application to be included on the DVD which comes up after boot, takes a
>> > password, and searches the USB drive for a file encrypted with that
>> > password. The application should take over the system (nothing else can
>> > run), and when it is closed, the machine should shut down.
>> >
>> > I'm in the initial phase of feasibility research on this, so any
>> > pointers,
>> > references, etc. would be greatly appreciated.
>> > --
>> > Howard Lee Harkness
>> > howard.lee.harkness@gmail.com
>> >
>>
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-knoppix-request@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
>> listmaster@lists.debian.org
>> Archive:
>> [🔎] 9106a555daf5f0a17a2a5babd5ca9269.squirrel@webmail.dreamhost.com">https://lists.debian.org/[🔎] 9106a555daf5f0a17a2a5babd5ca9269.squirrel@webmail.dreamhost.com
>>
>
>
>
> --
> Howard Lee Harkness
> harkness@procountinc.com
> Pro-Count, Inc.
> (214) 269-1171

Reply to:

References:
- Question on live distros
  - From: Howard Lee Harkness <howard.lee.harkness@gmail.com>
- Re: Question on live distros
  - From: "Andrew" <knoppix@rngresearch.com>
- Re: Question on live distros
  - From: Howard Lee Harkness <harkness@procountinc.com>

Prev by Date: Re: Question on live distros
Next by Date: Re: Question on live distros
Previous by thread: Re: Question on live distros
Next by thread: Re: Question on live distros
Index(es):
- Date
- Thread