Can someone explain to me the difference between kerneli and the
International Crypto API kernel modules? I'd really like to be able to use
encrypted filesystems that use something a little stronger than DES.

Thanks,

Matt

On Wednesday 06 March 2002 02:24 pm, you wrote:
> On Wed, 6 Mar 2002 19:53:12 +0100
>
> P.Gnodde <peter@××××××××××××.nl> wrote:
> > Hi all,
> >
> > It has not been long ago since I've installed Gentoo, but at the moment
> > it's running on my desktop, laptop and 1 of my servers (the other 2 run
> > openbsd and slackware and I do not plan on replacing them :). I really
> > like this distribution and am still learning new things about linux
> > because of it :).
> >
> > Back to the topic at hand ... I am just starting to get interested in
> > security issues with linux. The company I work for has some sensitive
> > data of customers, so I used the kerneli patch to create an encrypted
> > filesystem. And I like it. I've also been reading up on other issues,
> > like random filehandles and stuff like that. I'd really like to learn
> > more about it, so perhaps I can help in some ways with this Secure Gentoo
> > project if it's needed (testing of beta patches/packages, etc.) (btw, I'm
> > a coder, but I do not have much experience in kernel hacking or security
> > related projects)
> >
> > > * Make a kernel patch, probably based on the Gentoo kernel, but with
> > > GrSecurity, kerneli, a few netfilter patches etc.
> >
> > At the moment I have the gentoo kernel running with the kerneli patch.
> > The GrSecurity patch had a few failed hunks, I'm integrating them now. If
> > you're interested I could send you a patch after I'm done. I also have a
> > ready to install package of util-linux, with the kerneli patch. I don't
> > yet know if the combination is stable :).
> >
> > > Will the Gentoo kernel use Andrea Arcangeli's VM or Rik van Riel's (-aa
> > > or rmap)?
> >
> > I think rmap is pretty stable now and most problems have been solved,
> > it's been good for Rik van Riel to have a little freedom in developing
> > the VM :). Although I do know that Rik used to work for a (network)
> > security company here in Holland :).
> >
> > > How will this be done practically? I'm thinking in particular about the
> > > freeze, and the proposed unstable branch.
> >
> > Perhaps start a new branch, so we have a 'stable', 'unstable' and
> > 'secure' branch.
> >
> > > How paranoid should it be? My first plan was to create ACLs for each
> > > and every binary and deny almost everything else, but that might be too
> > > paranoid for most people. What do you think? How about three security
> > > levels (no ACLs, normal ACLs and very strict ACLs)?
> >
> > The levels idea sounds like a nice idea, but it should be documented
> > really well, so users can choose a good security level for their
> > purposes.
>
> I must make a note here, usually with security levels it's too, how can I
> say this... 'generic', I mean you could look at how buggy a daemon has been
> in the past and have it marked level 4 security and other stuff too, but I
> usually think of security as something the user sets up himself. I like it
> this way. The other thing is, the user installs/starts the servers he
> wants, so there is no real need for security levels since the user will
> really do whatever he wants.
>
> Nic D.
>
> > Regards,
> >
> > Peter Gnodde
> > PCS Webdesign BV
> > http://www.pcswebdesign.nl/
> > _______________________________________________
> > gentoo-dev mailing list
> > gentoo-dev@g.o
> > http://lists.gentoo.org/mailman/listinfo/gentoo-dev