Gentoo Archives: gentoo-dev

From: Joachim Blaabjerg <styx@×××××.org>
To: gentoo-dev@g.o
Subject: [gentoo-dev] Secure Gentoo
Date: Wed, 06 Mar 2002 11:47:28
1 Hi again, people,
3 If you don't have any further ideas/thoughts/objections/whatever, I'll
4 finally start working on Secure Gentoo (or whatever the name is) now.
5 I've had a few time problems lately, so I'm sorry I haven't got started
6 earlier.
8 What I'm going to do:
9 * Make a profile with a small (minimal) set of apps, and slowly expand
10 it as I get more packages done/patched.
11 * Make a kernel patch, probably based on the Gentoo kernel, but with
12 GrSecurity, kerneli, a few netfilter patches etc.
13 * Patch packages with patches from the Owl GNU/*/Linux project (of which
14 I am lucky to be a currently idling developer), and make ACLs for each
15 app.
17 My original intent was to use LIDS, but I've somewhat changed my mind.
18 The ACL system in grsec has matured greatly lately, and I'm trying it
19 out as we speak. Have any of you got any experiences or thoughts on this
20 you want to share?
22 I've got a few questions, too:
23 Will the Gentoo kernel use Andrea Arcangeli's VM or Rik van Riel's (-aa
24 or rmap)?
25 How will this be done practically? I'm thinking in particular about the
26 freeze, and the proposed unstable branch.
27 How paranoid should it be? My first plan was to create ACLs for each and
28 every binary and deny almost everything else, but that might be too
29 paranoid for most people. What do you think? How about three security
30 levels (no ACLs, normal ACLs and very strict ACls)?
32 Any other thoughts and ideas will be greatly appreciated :)
34 --
35 Joachim Blaabjerg
36 styx@×××××.org


Subject Author
Re: [gentoo-dev] Secure Gentoo Daniel Robbins <drobbins@g.o>
Re: [gentoo-dev] Secure Gentoo "P.Gnodde" <peter@××××××××××××.nl>
Re: [gentoo-dev] Secure Gentoo Sebastian Werner <sebastian@××××××××××××××××××.de>
Re: [gentoo-dev] Secure Gentoo Karl Trygve Kalleberg <karltk@×××××××.no>