| 1 |
El 27/09/10 20:58, Sven Vermeulen escribió: |
| 2 |
> |
| 3 |
> Hi, |
| 4 |
> |
| 5 |
> First a few general remarks, not related to the documentation you've |
| 6 |
> written. Please, don't hesitate to comment on anything I write, and |
| 7 |
> don't treat what I write as the absolute truth (I hope it is, but I'm |
| 8 |
> still only human). Also treat it as constructive criticism. |
| 9 |
> |
| 10 |
> Oh, and take your time to read it, I don't expect answers within |
| 11 |
> minutes ;-) |
| 12 |
> |
| 13 |
> When we need to write documentation, we should take special care that |
| 14 |
> the documentation we write is easily maintainable. If there are only a |
| 15 |
> handful of developers available to maintain the documentation, don't try |
| 16 |
> to duplicate much of the documentation provided by the projects |
| 17 |
> themselves (PaX, SELinux, ...) but rather refer to those documents |
| 18 |
> instead. |
| 19 |
> |
| 20 |
> The main reason is that people tend to ignore documentation if they find |
| 21 |
> something outdated inside it. We don't want people to ignore our |
| 22 |
> documents because a paragraph on grSecurity is outdated, even though all |
| 23 |
> Gentoo-related commands (and other info) is still very much valid. You |
| 24 |
> can easily persuade yourself of this fact if you imagine you're reading |
| 25 |
> a document on SELinux and it talks about the reference policy, version 1 |
| 26 |
> (rather than 2). I personally tend to skip the document and search for a |
| 27 |
> more recent one then, even though the document itself may still be 100% |
| 28 |
> valid. |
| 29 |
Looks reasonable, the actual idea is splitting the document so it can |
| 30 |
replace older grsec / pax guides. |
| 31 |
> Because of the maintenance issues we might face, I would suggest a |
| 32 |
> documentation approach using stages. |
| 33 |
> |
| 34 |
> First, write up quick reference(s) on how to deal with the various |
| 35 |
> security projects on Gentoo Hardened. Treat the references as if they |
| 36 |
> are meant for knowledgeable people (who know how to search for |
| 37 |
> information) and try sticking with the Gentoo Hardened related |
| 38 |
> activities & commands. Yes, it's fine to document commands that are not |
| 39 |
> Gentoo Hardened specific, as long as the commands (and other reference |
| 40 |
> material) is going to be used by developers and users. |
| 41 |
No problem with this, though that'd take some time, I usually wrote docs |
| 42 |
either by request or because I find something undocumented, I'd like to |
| 43 |
know what people misses to write it :/ |
| 44 |
> Second (after the quick references), write developer documentation. A |
| 45 |
> project is only as active as its developers are, so good developer |
| 46 |
> documentation is a must. Developer documentation has the advantage that |
| 47 |
> you can assume certain knowledge from the reader, and you don't need to |
| 48 |
> write it in perfect phrazes. As long as it is understandable (for |
| 49 |
> non-native English speakers) it's fine. |
| 50 |
I can help developers with this, but I can't write this kinds of things |
| 51 |
because I can't go into the minds of the developers, and I think is |
| 52 |
faster and more efficient if they try to say what they are doing rather |
| 53 |
than reverse engineering everything. (Needless to say I don't mind |
| 54 |
correct, add references and the likes once I have something to start with). |
| 55 |
> Only when such documentation is over can we think about user |
| 56 |
> documentation. User documentation should be focusing on the end goal of |
| 57 |
> the project (or subprojects). Don't try to duplicate documentation if |
| 58 |
> the master project (SELinux, grSecurity, ...) offers great |
| 59 |
> documentation; however, you don't want to refer to documentation of |
| 60 |
> different distributions (not only for PR reasons, but also because those |
| 61 |
> documents most often include the policies and principles of those |
| 62 |
> distributions which may not be up to par with Gentoo Hardened's). |
| 63 |
Sometimes other distros documents is all the sources we have to say what |
| 64 |
things does :( |
| 65 |
> Okay, with that said - good thing it's written, I would hate to repeat |
| 66 |
> all that verbally ;-) - some feedback on the "GentooHardenedWhy" |
| 67 |
> document... |
| 68 |
> |
| 69 |
> - You're starting with the assumption that the reader has knowledge |
| 70 |
> about how process memory works. Later on, you explain it a bit more |
| 71 |
> but you still use many terms that will be unknown to non-programmers |
| 72 |
> (and especially 'standard' system administrators). That's okay, but |
| 73 |
> you might want to inform the user about prerequired knowledge before |
| 74 |
> diving into the topic. |
| 75 |
Good idea, I'll do that. Anyway, aside from the attacks section, where |
| 76 |
are the odd words? |
| 77 |
Obviously to know how things like stack overflows work you must be a |
| 78 |
programmer or have some programming knowledge (at least until I have |
| 79 |
time to write a more real life like example). |
| 80 |
> - I had troubles interpreting the tables that represent the stacks |
| 81 |
> first: I didn't really interprete the first headings as being headings |
| 82 |
> but rather data (which is really confusing). Also, if one doesn't |
| 83 |
> really understand how stacks are used (and how they grow) it might be |
| 84 |
> difficult to understand how you come from the "before" to the "after" |
| 85 |
> state. |
| 86 |
Okay, I'll try to explain that. |
| 87 |
> - Of all the protections that Gentoo Hardened provides, I fail to find |
| 88 |
> how to enable it (which is what users will look for). I know the |
| 89 |
> toolchain provides it, and I assume it is enabled if USE="hardened" is |
| 90 |
> set and the correct profile is used. |
| 91 |
True, the original intention of the document was that it was meant for |
| 92 |
people who didn't know of hardened, something like a commercial |
| 93 |
brochure, though it growed a lot. |
| 94 |
> - Your risk tables do not refer to the method or source used to generate |
| 95 |
> the risk numbers. I'm pretty sure you know what you're talking about, |
| 96 |
> but it might be interesting to tell the users how you came to the |
| 97 |
> numbers, or use online resources to back up the figures |
| 98 |
Mainly it comes from my own experience trying to exploit said |
| 99 |
vulnerabilities by my self. Anyway I should do a more serious analysis. |
| 100 |
> Generally, I get the feeling the document is more an article (one-time |
| 101 |
> useful read) rather than a to-be-maintained document. It's a good read |
| 102 |
> to refer people to when they ask what Gentoo Hardened actually does, but |
| 103 |
> misses some user-related content which might steer away a large number |
| 104 |
> of interested users. |
| 105 |
> |
| 106 |
Originally that was the idea, but I want to split it in smaller |
| 107 |
documents. I suppose that adding the "How to enable it" would be a great |
| 108 |
idea. |
Archives