
Re: Debian Hardened project (question about use of the "Debian" trademark)






Lorenzo Hernandez Garcia-Hierro wrote:
| Hi,
|

[...]

| Debian Hardened is like Debian Junior, and the rest of subprojects.
| *We* must provide the best (and the easiest) way to harden Debian for
| advanced users, sysadmins or just people that want a really *more*
| secure environment than the "common" one, that does not need to be
| "insecure" but it will be more "unsafe" if you compare it with the same
| system but hardened.

I prefer directly hardening Debian with things that don't get in the way
of the user.  That's what I was going on about a month ago with PaX (I'm
still working with that, just waiting until after Sarge).  As long as
the user doesn't have to see it, it can and I think should go into
mainline Debian.

My point here is, you mention "advanced users" and "sysadmins;" but I'm
focused on people who are too stupid to remember how to save a document
in MS Word in RTF format instead of .doc.

[...]
| if
| you a hardened binary (+SSP/ProPolice and a library to trace the BOF
| conditions) in a hardened environment (hardened kernel and RBAC/RSBAC
| policies) it will be not dangerous as having a simple Debian!

Ummmmmm, update anyway dude.  It's still a DoS attack.

| We can start asking ourselves about "Why not making Debian hardened
| directly?", we need to respect the freedom of choice and also, a normal
| user wouldn't want to use RBAC...or not?

Some technologies, like SSP and PIE, have to be compiled directly into
the program.  Most users would choose not to recompile their system.  I
believe that nobody would be particularly upset if their system was more
secure *as* *long* *as* it does not become visible to them.  If it looks
no different, I think the 'lesser of two evils' here would be to be
secure by default, and let the user who for some odd reason wants to be
a target to rebuild.

RBAC I'll agree with, it can be a pain in the ass and can change the way
an administrator has to interact with the system, which can become
confusing to the user.  GRSecurity with active ACLs or an active SELinux
shouldn't be on by default; but they can easily be options which the
user can activate with a debconf program.

[...]

| Thanks in advance,
| Cheers.

-- 
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
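Since SSP and PIE only exist if they were compiled in, a practical follow-up to the discussion above is verifying that a shipped binary actually got them. The following is an added example, not code from the original thread or from any Debian project: a stdlib-only Python check that reads the ELF header for ET_DYN (PIE) and looks for the __stack_chk_fail reference that -fstack-protector emits; fake_elf builds constructed sample bytes so it runs offline, and both checks are heuristics as noted in the comments.

```python
"""Heuristic check whether an ELF binary was built with PIE and SSP.

Reads the ELF header with the standard library only (no binutils needed).
PIE: e_type == ET_DYN for an executable.  SSP: the binary references
__stack_chk_fail, which -fstack-protector* inserts for canary checks.
"""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3
SSP_SYMBOL = b"__stack_chk_fail"


def hardening_report(data: bytes) -> dict:
    """Return {'elf': bool, 'pie': bool, 'ssp': bool} for raw ELF bytes."""
    if len(data) < 18 or data[:4] != ELF_MAGIC:
        return {"elf": False, "pie": False, "ssp": False}
    # EI_DATA (byte 5) selects the endianness of the remaining header fields.
    endian = "<" if data[5] == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    # ET_DYN marks a position-independent executable.  Shared objects are
    # ET_DYN as well, so apply this only to files you know are executables.
    pie = e_type == ET_DYN
    # A stack-protector build calls __stack_chk_fail on canary mismatch, so
    # the name appears in the dynamic string table.  A program in which the
    # compiler protected no frame may legitimately lack it (false negative).
    ssp = SSP_SYMBOL in data
    return {"elf": True, "pie": pie, "ssp": ssp}


def fake_elf(e_type: int, with_ssp: bool) -> bytes:
    """Constructed sample: a minimal little-endian ELF64 header plus an
    optional copy of the SSP symbol name, standing in for a real binary."""
    header = ELF_MAGIC + bytes([2, 1, 1]) + b"\0" * 9   # 16-byte e_ident
    header += struct.pack("<HH", e_type, 0x3E)           # e_type, e_machine
    header = header.ljust(64, b"\0")                     # rest of the header
    return header + (SSP_SYMBOL + b"\0" if with_ssp else b"")


if __name__ == "__main__":
    if sys.argv[1:]:                # real files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(path, hardening_report(f.read()))
    else:                           # no arguments: run on constructed samples
        print("hardened:", hardening_report(fake_elf(ET_DYN, True)))
        print("plain   :", hardening_report(fake_elf(ET_EXEC, False)))
```

Run it with paths to installed executables to see which ones a "secure by default" rebuild would change; for a definitive answer use the toolchain's own metadata (e.g. readelf on DT_FLAGS_1 and the symbol table).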

