
Re: Security patches



Hi together!

On 2003-11-29 21:08 +1100, Russell Coker wrote:
> It's not a question of how difficult it is to get the grsec patch to apply and 
> work correctly on a Debian kernel.  It's a question of whether anyone is 
> prepared to do it.  

If using a Debian-patched kernel is a requirement then I guess that
there is not much one can do about that. (That's why I voted for
having clean upstream kernel sources in Debian and providing Debian
patch packages separately; but that has already been discussed without
much of an outcome...)

> As we want to use Debian kernels on Debian servers this precludes grsec at 
> this time.

Okay. Please don't get me wrong: I don't want to urge anybody to use
grsec, I'm rather interested in a technical discussion of the
(dis-)advantages of all options. I don't know much about e.g. SELinux,
so I would appreciate learning about it.

> > grsecurity keeps its configuration in a single file and has the best
> > design IMHO: it does _not_ need another system account, but either the
> > configuration can be changed by putting the current root shell into
> > 'admin mode' (by supplying a passphrase) or it cannot be changed at
> 
> When the current root shell gets "admin mode" are other root processes 
> prevented from reading/writing its pty?

Yes, of course. In my current ACL setting, _nothing_ (but login and
getty) is allowed to access /dev/vc/*; with ptys, a similar approach
would be to disallow access to /dev/pts/* in general and only allow it
to ssh (I don't use incoming ssh on my box, so I did not test this).

> > SELinux only uses LSM which makes it easy to port, but seems
> > impractical and even dangerous for real-world use [1][2]. Minor issues
> 
> [1] and [2] are matters of opinion.  The opinion of Linus, most other kernel 
> developers, NSA people, etc is different.
> 
> Anyone is free to believe that they know security better than the NSA people 
> and that they have better ideas for Linux kernel coding than Linus.  But they 
> are not going to convince me in a hurry.

That's why I wrote "it seems" and not "it is so". :-) However, the
arguments sound quite strong and I know a lot of people that share the
negative attitude against LSM. This does not mean that I claim to have
better understanding of security than Linux or the NSA; because I
don't, I just have to consider the opinions of other people.

> > that I noticed: it uses a quite complicated rule syntax and insists
> > (according to the docs) on using an initrd, which I don't want.
> 
> The initrd was only a suggested approach, and we have changed that for the 
> next release.  The new plan is to have a modified version of init load the 
> policy so there is no need for an initrd.

That would be great!

Thanks for the information and have a nice Sunday!

Martin
-- 
Martin Pitt                 Debian GNU/Linux Developer
martin@piware.de                      mpitt@debian.org
http://www.piware.de             http://www.debian.org
