Re: Security trough paranoia
On Fri, Mar 30, 2001 at 05:46:42PM -0300, DrPablo@mail.com wrote:
> * everything must be recompiled under stackguard
> (http://www.immunix.org/stackguard.html). This would prevent the famous
> "stack smashing" attack.
Shirley not everything!
> * glibc must be patched with formatguard
> (http://www.immunix.org/formatguard.html). This would prevent the
> "format bugs", a bug in the printf function.
> * libsafe (http://www.avayalabs.com/project/libsafe/index.html) must be
> incorporated, in order to prevent several buffer overflow exploits.
See above. This can be done on per-package basis.
> * the kernel may be patched with the latest security patches, not only
> from the official tree, but also the followings:
> * Openwall (http://www.openwall.com/linux/), which adds a new
> Security section in kernel configuration. This is one of the
> most known patches around;
> * HAP-linux (http://www.theaimsgroup.com/~hlein/hap-linux/),
> which is a set of patches incremental to the first one.
> * LIDS (http://www.lids.org), which is a Intrusion Detection
> System patched into the kernel.
> * Linux IP Personality patch (http://ippersonality.sourceforge.net/),
> which makes remote SO query very hard (I guess only kernel 2.4 is
> supported).
> * NSA Security-Enhanced patch (http://www.nsa.gov/selinux/), which
> adds mandatory access controls to linux.
> * Stealth Kernel Patch (http://www.energymech.net/madcamel/fm/),
> (I guess this one is too early yet) which hides your machine from
> the network.
> * SysRq_X patch (http://pusa.uv.es/~ulisses/sysrq_X.tar.gz), which
> adds the option to execute a program when system crashes
> (using Alt-SysRq-X)
> * SubDomain kernel extension (http://www.immunix.org/subdomain.html),
> which is a better implementation of the chroot jail concept.
> * International Kernel Patch (http://www.kerneli.org), which permits
> loopback encryption filesystems
... and call the result "Debian Enterprise Kernel", aka D(r)EK.
Are these patches compatible with each other? What if I want only some of
those patches (eg. I'm a German govt. employee & I'm not allowed to run any
code that's been touched by NSA)? Or do you propose to have 9! kernel
packages?
> * every package that deals with network must be defaultly configured to the
> most paranoid options (e.g. Squid should have lots of headers filters
> turned on, etc)
This is fair enough, except that this must _not_ be the default, for obvious
reasons. "Paranoid" intall/config option is OK. This should be done in package's
*inst script, anyway, no reason to create another distro.
> * PAM must come with md5 hash enabled by default.
No. Think heterogeneous networks.
Dima
--
E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
Well, lusers are technically human. -- Red Drag Diva in ASR
Reply to: