
Re: Debian Hardened project (question about use of the "Debian" trademark)



Hi John,

On Fri, 17-09-2004 at 19:04, John Richard Moser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> Lorenzo Hernandez Garcia-Hierro wrote:
> | Hi,
> |
> 
> [...]
> 
> | Debian Hardened is like Debian Junior, and the rest of subprojects.
> | *We* must provide the best (and the easiest) way to harden Debian for
> | advanced users, sysadmins or just people that want a really *more*
> | secure environment than the "common" one, that does not need to be
> | "insecure" but it will be more "unsafe" if you compare it with the same
> | system but hardened.
> 
> I prefer directly hardening Debian with things that don't get in the way
> of the user.  That's what I was going on about a month ago with PaX (I'm
> still working with that, just waiting until after Sarge).  As long as
> the user doesn't have to see it, it can and I think should go into
> mainline Debian.

Debian Hardened is not a Debian-based distro; I said that it is a
hardened tree of packages and kernels that should replace the normal ones
(by user election or by default, for example asking the user during the
installation if he wants to have extra security or if the system will be
used for critical purposes).
I think the same as you: it must go into the Debian mainline.

                           Debian
                -----------------------------
                |                           |
                ^                           ^
        Kernel packages                 Software packages
  --------------|-----------  --------------|-----------------
  Not Hardened  | Hardened    Hardened      | Not hardened
  --------------------------  --------------------------------
                 \ apt-get install harden  /
                  \    debian-hardened    /
                   \                     /
                   |       *KISS*        |
                   |Keep it simple,stupid|
                   \---------------------/

> My point here is, you mention "advanced users" and "sysadmins;" but I'm
> focused on people who are too stupid to remember how to save a document
> in MS Word in RTF format instead of .doc.

Look above.
People are not stupid; my father is not stupid because he doesn't know
what "Debian" means... people simply want to do their things in their
lives. That's usability, and we can't make people start learning, for
example, LaTeX, TeX, whatever you want... if they only want to write poems
on a "page", or teach maths to their children.

> [...]
> | if
> | you use a hardened binary (+SSP/ProPolice and a library to trace the BOF
> | conditions) in a hardened environment (hardened kernel and RBAC/RSBAC
> | policies) it will not be as dangerous as having a simple Debian!
> 
> Ummmmmm, update anyway dude.  It's still a DoS attack.

Buffer overflow conditions on the stack will be stopped by ProPolice
(__guard ...).
> 
> | We can start asking ourselves about "Why not making Debian hardened
> | directly?", we need to respect the freedom of choice and also, a normal
> | user wouldn't want to use RBAC...or not?
> 
> Some technologies, like SSP and PIE, have to be compiled directly into
> the program.  Most users would choose not to recompile their system.  I
> believe that nobody would be particularly upset if their system was more
> secure *as* *long* *as* it does not become visible to them.  If it looks
> no different, I think the 'lesser of two evils' here would be to be
> secure by default, and let the user who for some odd reason wants to be
> a target to rebuild.

Yes, ProPolice/SSP is a GCC extension.
Rebuild?
Ok, I'm a Gentoo user, mea culpa :P, but I thought that I didn't say to
recompile packages; I said make binary packages in a different "branch".
(Again, the theme of the graphic I drew above.)

> RBAC I'll agree with, it can be a pain in the ass and can change the way
> an administrator has to interact with the system, which can become
> confusing to the user.  GRSecurity with active ACLs or an active SELinux
> shouldn't be on by default; but they can easily be options which the
> user can activate with a debconf program.

s/RBAC/RSBAC/
Yes, I agree with you. RSBAC is not "usable" for everybody.
But debconf can show a simple dialog asking for the RBAC (grsecurity RSBAC
implementation in this case) password, then it starts... -L
/var/log/rbac (or ${RBAC_LOG}, so debconf can use it and ask which path
is the right one for the log).
Then it starts the engine... rbac learning... et voilà!

Cheers!
-- 
Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>

Attachment: signature.asc
Description: This part of the message is digitally signed
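The debconf-driven RBAC setup sketched in the reply above, written out as a POSIX shell postinst fragment. This is an added example, not code from the mail or from any Debian package: the question names debian-hardened/enable-rbac and debian-hardened/rbac-log are hypothetical and would need matching entries in the package's templates file; gradm's -P (set the admin password) and -F -L <logfile> (full-system learning mode) are grsecurity's documented flags. The log path typed by the admin is validated before it reaches a root-run command, which is the part worth testing on a machine without grsecurity.

```shell
#!/bin/sh
# Added example (not from the original mail or any Debian package): a sketch of
# how a package postinst could use debconf to ask for the RBAC log path and then
# start grsecurity's RBAC system in learning mode, as described in the reply.
# Assumptions: the debconf question names debian-hardened/enable-rbac and
# debian-hardened/rbac-log are hypothetical; gradm -P and gradm -F -L <logfile>
# are grsecurity's documented "set password" and "full-system learning" flags.
set -e

# Validate the admin-supplied log path and build the learning-mode command.
# Kept free of debconf/gradm calls so it can be exercised on any machine.
# Prints the command on success; returns 1 for relative paths or paths that
# contain characters we do not want to pass through to a root-run command.
rbac_learning_cmd() {
    log="$1"
    case "$log" in
        /*) ;;                          # must be absolute
        *)  return 1 ;;
    esac
    case "$log" in
        *[!A-Za-z0-9/._-]*) return 1 ;; # no whitespace or shell metacharacters
    esac
    printf 'gradm -F -L %s\n' "$log"
}

# Default used when the admin accepts the dialog without typing a path
# (the path mentioned in the mail).
RBAC_LOG_DEFAULT=/var/log/rbac

# Only run the debconf dialogue when actually invoked as "postinst configure"
# on a system that has debconf; sourcing confmodule re-executes the script
# under the debconf frontend.
if [ "${1:-}" = configure ] && [ -r /usr/share/debconf/confmodule ]; then
    . /usr/share/debconf/confmodule

    # Ask whether RBAC should be enabled at all (off by default, as John suggests).
    db_input medium debian-hardened/enable-rbac || true
    db_go || true
    db_get debian-hardened/enable-rbac
    if [ "$RET" = true ]; then
        db_input medium debian-hardened/rbac-log || true
        db_go || true
        db_get debian-hardened/rbac-log
        RBAC_LOG=${RET:-$RBAC_LOG_DEFAULT}

        if cmd=$(rbac_learning_cmd "$RBAC_LOG"); then
            gradm -P        # interactive: sets the RBAC admin password
            $cmd            # gradm -F -L <log>: start full-system learning
        else
            echo "debian-hardened: refusing unsafe RBAC log path '$RBAC_LOG'" >&2
            exit 1
        fi
    fi
fi
```

The learning phase only records what the system does; turning the recorded policy into an enforced one (gradm's -O output option and gradm -E) is a separate, deliberate step the admin takes after reviewing the log, which keeps the "off unless asked for" behaviour John asks for.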

