| 1 |
On Sze, Február 13, 2008 06:07, Geoff Kassel wrote: |
| 2 |
> |
| 3 |
> No problems. My background in QA is primarily regression testing and code |
| 4 |
> quality reviews (although it's been ages since I've done any of this with |
| 5 |
> C) - my formal methods background is formal specification, model checking, |
| 6 |
> theorem proving, and formal derivation of code from formal specification. |
| 7 |
> (Yes, I'm a recovering academic :) |
| 8 |
|
| 9 |
It would be a good strategy IMHO to recruit graduates to work on security |
| 10 |
stuff. It's a really fascinating topic to immerse in the depth of the |
| 11 |
toolchain and its security features - for a passionate graduate. Of course |
| 12 |
it requires a supervisor... |
| 13 |
|
| 14 |
> |
| 15 |
> While I'm dreaming I'd also like to do something about making GRSEC easier |
| 16 |
> to |
| 17 |
> set up (an upstream issue, I know) as it has so much promise, and the |
| 18 |
|
| 19 |
I think grsec would need some kind of configuration mechanism similar to |
| 20 |
SELinux. It could be either implemented on a per-ebuild basis or as a base |
| 21 |
policy. That could be further extended with additional features according |
| 22 |
to the particular box. Using m4 would be a good candidate to generate the |
| 23 |
redundant per user stuff. I think many of us could contribute to the |
| 24 |
policy. The hardest task would be to agree on the differences regarding |
| 25 |
the security requirements. But that could be made configurable also. |
| 26 |
Configuration intelligence could investigate the contents of the conf |
| 27 |
directory to tailor the policy to the specific settings... |
| 28 |
|
| 29 |
> basic |
| 30 |
> configuration isn't nearly as paranoid as I'd like it to be :) and it's |
| 31 |
> very |
| 32 |
> difficult and time-consuming to make it so. I gave up doing so, and I like |
| 33 |
> to |
| 34 |
> think I'm not a complete n00b. PaX, PIE and SSP are practically |
| 35 |
> fire-and-forget in comparison. |
| 36 |
|
| 37 |
I have to regularly revise my policy to keep the box running. I've also |
| 38 |
ended up loosening the security in order to make the system usable. |
| 39 |
|
| 40 |
> |
| 41 |
> Speaking of PaX, another great, impossible thing would be to have a |
| 42 |
> kernel-level feature for handling PaX violations in a less violent manner |
| 43 |
> (core dumps are violent, in my mind) - perhaps suspension of the process |
| 44 |
> in |
| 45 |
> question until investigated, with the possibility of resumption or |
| 46 |
> termination by someone with sufficient security permissions. (Perhaps I'm |
| 47 |
> just unaware of an already existing feature.) Again, an upstream issue. |
| 48 |
|
| 49 |
I think it depends on the type of denial. If it's a textrel, that's not so |
| 50 |
serious. However if it's a stack-smashing: I don't want to have a single |
| 51 |
piece of those code on my system... |
| 52 |
|
| 53 |
Regards, |
| 54 |
Dw. |
| 55 |
-- |
| 56 |
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962 |
| 57 |
Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962 |
| 58 |
|
| 59 |
|
| 60 |
-- |
| 61 |
gentoo-hardened@l.g.o mailing list |
Archives