1 |
El 27/09/10 20:58, Sven Vermeulen escribió: |
2 |
> |
3 |
> Hi, |
4 |
> |
5 |
> First a few general remarks, not related to the documentation you've |
6 |
> written. Please, don't hesitate to comment on anything I write, and |
7 |
> don't treat what I write as the absolute truth (I hope it is, but I'm |
8 |
> still only human). Also treat it as constructive criticism. |
9 |
> |
10 |
> Oh, and take your time to read it, I don't expect answers within |
11 |
> minutes ;-) |
12 |
> |
13 |
> When we need to write documentation, we should take special care that |
14 |
> the documentation we write is easily maintainable. If there are only a |
15 |
> handful of developers available to maintain the documentation, don't try |
16 |
> to duplicate much of the documentation provided by the projects |
17 |
> themselves (PaX, SELinux, ...) but rather refer to those documents |
18 |
> instead. |
19 |
> |
20 |
> The main reason is that people tend to ignore documentation if they find |
21 |
> something outdated inside it. We don't want people to ignore our |
22 |
> documents because a paragraph on grSecurity is outdated, even though all |
23 |
> Gentoo-related commands (and other info) is still very much valid. You |
24 |
> can easily persuade yourself of this fact if you imagine you're reading |
25 |
> a document on SELinux and it talks about the reference policy, version 1 |
26 |
> (rather than 2). I personally tend to skip the document and search for a |
27 |
> more recent one then, even though the document itself may still be 100% |
28 |
> valid. |
29 |
Looks reasonable, the actual idea is splitting the document so it can |
30 |
replace older grsec / pax guides. |
31 |
> Because of the maintenance issues we might face, I would suggest a |
32 |
> documentation approach using stages. |
33 |
> |
34 |
> First, write up quick reference(s) on how to deal with the various |
35 |
> security projects on Gentoo Hardened. Treat the references as if they |
36 |
> are meant for knowledgeable people (who know how to search for |
37 |
> information) and try sticking with the Gentoo Hardened related |
38 |
> activities & commands. Yes, it's fine to document commands that are not |
39 |
> Gentoo Hardened specific, as long as the commands (and other reference |
40 |
> material) is going to be used by developers and users. |
41 |
No problem with this, though that'd take some time, I usually wrote docs |
42 |
either by request or because I find something undocumented, I'd like to |
43 |
know what people misses to write it :/ |
44 |
> Second (after the quick references), write developer documentation. A |
45 |
> project is only as active as its developers are, so good developer |
46 |
> documentation is a must. Developer documentation has the advantage that |
47 |
> you can assume certain knowledge from the reader, and you don't need to |
48 |
> write it in perfect phrazes. As long as it is understandable (for |
49 |
> non-native English speakers) it's fine. |
50 |
I can help developers with this, but I can't write this kinds of things |
51 |
because I can't go into the minds of the developers, and I think is |
52 |
faster and more efficient if they try to say what they are doing rather |
53 |
than reverse engineering everything. (Needless to say I don't mind |
54 |
correct, add references and the likes once I have something to start with). |
55 |
> Only when such documentation is over can we think about user |
56 |
> documentation. User documentation should be focusing on the end goal of |
57 |
> the project (or subprojects). Don't try to duplicate documentation if |
58 |
> the master project (SELinux, grSecurity, ...) offers great |
59 |
> documentation; however, you don't want to refer to documentation of |
60 |
> different distributions (not only for PR reasons, but also because those |
61 |
> documents most often include the policies and principles of those |
62 |
> distributions which may not be up to par with Gentoo Hardened's). |
63 |
Sometimes other distros documents is all the sources we have to say what |
64 |
things does :( |
65 |
> Okay, with that said - good thing it's written, I would hate to repeat |
66 |
> all that verbally ;-) - some feedback on the "GentooHardenedWhy" |
67 |
> document... |
68 |
> |
69 |
> - You're starting with the assumption that the reader has knowledge |
70 |
> about how process memory works. Later on, you explain it a bit more |
71 |
> but you still use many terms that will be unknown to non-programmers |
72 |
> (and especially 'standard' system administrators). That's okay, but |
73 |
> you might want to inform the user about prerequired knowledge before |
74 |
> diving into the topic. |
75 |
Good idea, I'll do that. Anyway, aside from the attacks section, where |
76 |
are the odd words? |
77 |
Obviously to know how things like stack overflows work you must be a |
78 |
programmer or have some programming knowledge (at least until I have |
79 |
time to write a more real life like example). |
80 |
> - I had troubles interpreting the tables that represent the stacks |
81 |
> first: I didn't really interprete the first headings as being headings |
82 |
> but rather data (which is really confusing). Also, if one doesn't |
83 |
> really understand how stacks are used (and how they grow) it might be |
84 |
> difficult to understand how you come from the "before" to the "after" |
85 |
> state. |
86 |
Okay, I'll try to explain that. |
87 |
> - Of all the protections that Gentoo Hardened provides, I fail to find |
88 |
> how to enable it (which is what users will look for). I know the |
89 |
> toolchain provides it, and I assume it is enabled if USE="hardened" is |
90 |
> set and the correct profile is used. |
91 |
True, the original intention of the document was that it was meant for |
92 |
people who didn't know of hardened, something like a commercial |
93 |
brochure, though it growed a lot. |
94 |
> - Your risk tables do not refer to the method or source used to generate |
95 |
> the risk numbers. I'm pretty sure you know what you're talking about, |
96 |
> but it might be interesting to tell the users how you came to the |
97 |
> numbers, or use online resources to back up the figures |
98 |
Mainly it comes from my own experience trying to exploit said |
99 |
vulnerabilities by my self. Anyway I should do a more serious analysis. |
100 |
> Generally, I get the feeling the document is more an article (one-time |
101 |
> useful read) rather than a to-be-maintained document. It's a good read |
102 |
> to refer people to when they ask what Gentoo Hardened actually does, but |
103 |
> misses some user-related content which might steer away a large number |
104 |
> of interested users. |
105 |
> |
106 |
Originally that was the idea, but I want to split it in smaller |
107 |
documents. I suppose that adding the "How to enable it" would be a great |
108 |
idea. |