[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security patches

Hi together!

On 2003-11-29 21:08 +1100, Russell Coker wrote:
> It's not a question of how difficult it is to get the grsec patch to apply and 
> work correctly on a Debian kernel.  It's a question of whether anyone is 
> prepared to do it.  

If using a Debian-patched kernel is a requirement then I guess that
there is not much one can do about that. (That's why I voted for
having clean upstream kernel sources in Debian and providing Debian
patch packages separately; but that has already been discussed without
much of an outcome...)

> As we want to use Debian kernels on Debian servers this precludes grsec at 
> this time.

Okay. Please don't get me wrong: I don't want to urge anybody to use
grsec, I'm rather interested in a technical discussion of the
(dis-)advantages of all options. I don't know much about e.g. SELinux,
so I would appreciate learning about it.

> > grsecurity keeps its configuration in a single file and has the best
> > design IMHO: it does _not_ need another system account, but either the
> > configuration can be changed by putting the current root shell into
> > 'admin mode' (by supplying a passphrase) or it cannot be changed at
> When the current root shell gets "admin mode" are other root processes 
> prevented from reading/writing it's pty?

Yes, of course. In my current ACL setting, _nothing_ (but login and
getty) is allowed to access /dev/vc/*; with ptys, a similar approach
would be do disallow access to /dev/pts/* in general and only allow it
to ssh (I don't use incoming ssh on my box, so I did not test this).

> > SELinux only uses LSM which makes it easy to port, but seems
> > impractical and even dangerous for real-world use [1][2]. Minor issues
> [1] and [2] are matters of opinion.  The opinion of Linus, most other kernel 
> developers, NSA people, etc is different.
> Anyone is free to believe that they know security better than the NSA people 
> and that they have better ideas for Linux kernel coding than Linus.  But they 
> are not going to convince me in a hurry.

That's why I wrote "it seems" and not "it is so". :-) However, the
arguments sound quite strong and I know a lot of people that share the
negative attitude against LSM. This does not mean that I claim to have
better understanding of security than Linux or the NSA; because I
don't, I just have to consider the opinions of other people.

> > that I noticed: it uses a quite complicated rule syntax and insists
> > (according to the docs) on using an initrd, which I don't want.
> The initrd was only a suggested approach, and we have changed that for the 
> next release.  The new plan is to have a modified version of init load the 
> policy so there is no need for an initrd.

That would be great!

Thanks for the information and have a nice Sunday!

Martin Pitt                 Debian GNU/Linux Developer
martin@piware.de                      mpitt@debian.org
http://www.piware.de             http://www.debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: