On Fri, Mar 30, 2001 at 05:46:42PM -0300, [EMAIL PROTECTED] wrote:

> * everything must be recompiled under stackguard
>   (http://www.immunix.org/stackguard.html). This would prevent the famous
>   "stack smashing" attack.

Shirley not everything!

> * glibc must be patched with formatguard
>   (http://www.immunix.org/formatguard.html). This would prevent the
>   "format bugs", a bug in the printf function.
> * libsafe (http://www.avayalabs.com/project/libsafe/index.html) must be
>   incorporated, in order to prevent several buffer overflow exploits.

See above. This can be done on a per-package basis.

> * the kernel may be patched with the latest security patches, not only
>   from the official tree, but also the following:
>   * Openwall (http://www.openwall.com/linux/), which adds a new
>     Security section in kernel configuration. This is one of the
>     most known patches around;
>   * HAP-linux (http://www.theaimsgroup.com/~hlein/hap-linux/),
>     which is a set of patches incremental to the first one.
>   * LIDS (http://www.lids.org), which is an Intrusion Detection
>     System patched into the kernel.
>   * Linux IP Personality patch (http://ippersonality.sourceforge.net/),
>     which makes remote OS query very hard (I guess only kernel 2.4 is
>     supported).
>   * NSA Security-Enhanced patch (http://www.nsa.gov/selinux/), which
>     adds mandatory access controls to linux.
>   * Stealth Kernel Patch (http://www.energymech.net/madcamel/fm/),
>     (I guess this one is too early yet) which hides your machine from
>     the network.
>   * SysRq_X patch (http://pusa.uv.es/~ulisses/sysrq_X.tar.gz), which
>     adds the option to execute a program when the system crashes
>     (using Alt-SysRq-X)
>   * SubDomain kernel extension (http://www.immunix.org/subdomain.html),
>     which is a better implementation of the chroot jail concept.
>   * International Kernel Patch (http://www.kerneli.org), which permits
>     loopback encryption filesystems
>   ... and call the result "Debian Enterprise Kernel", aka D(r)EK.

Are these patches compatible with each other? What if I want only some of
those patches (e.g. I'm a German govt. employee & I'm not allowed to run
any code that's been touched by NSA)? Or do you propose to have 9! kernel
packages?

> * every package that deals with network must be configured by default to
>   the most paranoid options (e.g. Squid should have lots of header
>   filters turned on, etc)

This is fair enough, except that this must _not_ be the default, for
obvious reasons. A "paranoid" install/config option is OK. This should be
done in the package's *inst script, anyway, no reason to create another
distro.

> * PAM must come with md5 hash enabled by default.

No. Think heterogeneous networks.

Dima
--
E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
Well, lusers are technically human.
                                     -- Red Drag Diva in ASR
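Added example (not part of the thread, and not Immunix's FormatGuard code): the quoted list says FormatGuard "would prevent the format bugs" in printf. The idea behind it is a two-part check, so the example below rebuilds that idea in a few lines of plain C so the mechanism is visible: a preprocessor macro counts how many arguments the call site actually passed, and a runtime check counts how many conversion directives the format string wants; if the format asks for more than the caller supplied (the shape of every `printf(user_input)` attack, where the attacker's `%x`/`%n` directives walk and write the stack) the call is refused. Every name here (`count_directives`, `guarded_printf`, `GPRINTF`, `NARGS`) is the example's own, and the sample "evil" string is constructed for the demo. It deliberately simplifies: it does not account for `*` widths or `%1$`-style positional arguments, and the `, ##__VA_ARGS__` form is a GCC/Clang extension.

```c
#include <stdarg.h>
#include <stdio.h>

/* Runtime half: number of conversion directives in fmt.
 * "%%" is a literal percent sign, not a directive, so it is skipped. */
int count_directives(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped percent sign */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Refuse any format that would consume more arguments than the call
 * site supplied.  Returns -1 when the call is refused, otherwise the
 * return value of vprintf (characters written). */
int guarded_printf(int nargs, const char *fmt, ...)
{
    if (count_directives(fmt) > nargs) {
        fputs("guarded_printf: format wants more arguments than were "
              "passed, call refused\n", stderr);
        return -1;
    }
    va_list ap;
    va_start(ap, fmt);
    int rc = vprintf(fmt, ap);
    va_end(ap);
    return rc;
}

/* Compile-time half: a preprocessor argument counter (up to 9 args
 * including the format).  NARGS(fmt) is 1, NARGS(fmt, a, b) is 3. */
#define ARG_N(_1, _2, _3, _4, _5, _6, _7, _8, _9, N, ...) N
#define NARGS(...) ARG_N(__VA_ARGS__, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0)

/* Drop-in replacement for printf: passes the argument count (minus the
 * format itself) alongside the call.  ", ##__VA_ARGS__" removes the
 * comma when no extra arguments are given (GCC/Clang extension). */
#define GPRINTF(fmt, ...) \
    guarded_printf(NARGS(fmt, ##__VA_ARGS__) - 1, fmt, ##__VA_ARGS__)

/* The classic bug: attacker-controlled text used as the format string.
 * With plain printf(user) a string such as "%x %x %x %n" reads and then
 * writes the stack; here the guard sees 4 directives and 0 arguments. */
int log_user_string(const char *user)
{
    return GPRINTF(user);           /* refused, returns -1 */
}

/* The correct idiom: the user's text is an argument, never the format. */
int log_user_string_safe(const char *user)
{
    return GPRINTF("%s\n", user);   /* 1 directive, 1 argument: allowed */
}

int main(void)
{
    /* Constructed sample input: a typical format-string probe. */
    const char *evil = "%x %x %x %n";
    log_user_string(evil);          /* refused */
    log_user_string_safe(evil);     /* printed literally */
    return 0;
}
```

The point of the example for the thread's argument: the check lives entirely in the libc side (a macro in the header plus a counting routine in the library), which is why FormatGuard was shipped as a glibc patch and why a format-string hole is not caught by anything that only guards the stack. Note also what the simplified counter misses: a `%*d` consumes two arguments, and positional `%2$s` can reorder them, so a production version has to parse the directive grammar rather than just count percent signs.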