
Re: Security through paranoia



On Fri, Mar 30, 2001 at 05:48:28PM -0300, DrPablo@mail.com wrote:

I think that this is generally a great idea. There is
definitely a need for a more secure system than the default, and
besides, efforts to create a fortified port could lead to
improvements in the standard distro as well.

> 	Alright... my idea is to create something that makes Debian enter
> that list. But what?... It could be a port!!! Like Debian Hurd, or Debian m68k,
> or Debian Alpha, and so on.... (We can call this Debian Paranoid ;-) )

Maybe not an entire port... but at least some specially
labeled security enhanced packages (like versions that end
in _se or something).

> 	But why an entire port? These are the reasons:
> 	* everything must be recompiled under stackguard
> 	  (http://www.immunix.org/stackguard.html). This would prevent the famous
> 	  "stack smashing" attack.

Only suid root and other potentially hazardous programs
should need to be compiled in this way... definitely not
everything, which would be a LOT of work for no good reason.

> 	* glibc must be patched with formatguard
> 	  (http://www.immunix.org/formatguard.html). This would prevent the
> 	  "format bugs", a bug in the printf function.
> 	* libsafe (http://www.avayalabs.com/project/libsafe/index.html) must be
> 	  incorporated, in order to prevent several buffer overflow exploits.

Again, this isn't so important with non-suid packages...
although general libs that could ever potentially be used by
a suid program would have to be protected as well.

> 	* the kernel may be patched with the latest security patches, not only
> 	  from the official tree, but also the following:
> 		* Openwall (http://www.openwall.com/linux/), which adds a new
> 		  Security section in kernel configuration. This is one of the
> 		  most known patches around;
> 		* HAP-linux (http://www.theaimsgroup.com/~hlein/hap-linux/),
> 		  which is a set of patches incremental to the first one.
> 		* LIDS (http://www.lids.org), which is an Intrusion Detection
> 		  System patched into the kernel.
> 		* Linux IP Personality patch (http://ippersonality.sourceforge.net/),
> 		  which makes remote OS query very hard (I guess only kernel 2.4 is
> 		  supported).
> 		* NSA Security-Enhanced patch (http://www.nsa.gov/selinux/), which
> 		  adds mandatory access controls to linux.

It would be good to have a port with selinux... but this
definitely should not be in the regular distro (not yet!). Of
course, selinux is new and may warrant some time to
establish itself.

> 		* Stealth Kernel Patch (http://www.energymech.net/madcamel/fm/),
> 		  (I guess this one is too early yet) which hides your machine from
> 		  the network.
> 		* SysRq_X patch (http://pusa.uv.es/~ulisses/sysrq_X.tar.gz), which
> 		  adds the option to execute a program when system crashes
> 		  (using Alt-SysRq-X)
> 		* SubDomain kernel extension (http://www.immunix.org/subdomain.html),
> 		  which is a better implementation of the chroot jail concept.
> 		* International Kernel Patch (http://www.kerneli.org), which permits
> 		  loopback encryption filesystems
> 	* every package that deals with the network must be configured by default to the
> 	  most paranoid options (e.g. Squid should have lots of headers filters
> 	  turned on, etc)
> 	* PAM must come with md5 hash enabled by default.

I think that md5 should be the default regardless...
although people should be given the option during install.

Again, I think that this would be A GOOD THING. There are
many corporations and other environments that could really
use the added security. I think that the availability of a
highly secure distro or port would further establish linux
(indeed, Debian) as a first class industrial strength OS.

-- 
John Patton                      patton66@home.com
Get my GnuPG public key: finger john@24.22.215.225

"I can resist everything but temptation."
- Oscar Wilde

Attachment: pgppTTZyWHsDZ.pgp
Description: PGP signature
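The two bug classes named in the proposal above (stack smashing through unbounded copies, which libsafe and StackGuard target, and printf "format bugs", which FormatGuard targets) come down to a pair of coding idioms. The following is an added example, not code from either poster or from any of the projects mentioned; it shows the safe idiom for each alongside a small check that flags untrusted data containing conversion directives. The sample input string and all function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample input: text an attacker could place in something the
 * program later logs (for instance a username). Not from the original message. */
static const char *SAMPLE_UNTRUSTED = "bob %s %n 100%% done";

/* Count printf-style conversion directives in a string, treating "%%" as a
 * literal percent sign. A non-zero result for data that came from outside the
 * program is the condition a "format bug" needs: such a string must only ever
 * be passed as an argument to "%s", never as the format string itself. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* "%%" prints a single '%', not a directive */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Hardened logging: the format is a compile-time literal and the untrusted
 * data is an argument to "%s". The buggy pattern the proposal refers to is
 * snprintf(buf, size, untrusted) with no literal format at all.
 * Returns the number of characters written, or -1 on error/truncation. */
int format_log_line(char *buf, size_t size, const char *untrusted)
{
    int written = snprintf(buf, size, "login: %s", untrusted);
    if (written < 0 || (size_t)written >= size)
        return -1;   /* truncated or error: caller must not treat it as complete */
    return written;
}

/* Bounded copy with explicit truncation reporting, the idiom that libsafe's
 * strcpy() interposition retrofits onto binaries that never had it.
 * Returns 0 on success, -1 if src did not fit (dst is still NUL-terminated). */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0)
        return -1;
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void)
{
    char line[64];
    char small[8];

    printf("directives in untrusted input: %d\n",
           count_format_directives(SAMPLE_UNTRUSTED));
    if (format_log_line(line, sizeof line, SAMPLE_UNTRUSTED) > 0)
        puts(line);   /* the %s and %n survive as literal text, harmlessly */
    printf("bounded_copy into 8 bytes returned: %d (dst=\"%s\")\n",
           bounded_copy(small, sizeof small, SAMPLE_UNTRUSTED), small);
    return 0;
}
```

The directive counter is a cheap audit aid, not a substitute for the run-time guards the thread discusses: it only tells you that a given piece of input would be dangerous as a format string, which is why the logging function above never lets it reach that position.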

