Gentoo Archives: gentoo-pr

From: "Tiziano Müller" <dev-zero@g.o>
To: gentoo-pr@l.g.o
Subject: Re: [gentoo-pr] [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
Date: Fri, 01 Aug 2008 17:04:15
Message-Id: 1217610250.8001.16.camel@localhost
In Reply to: [gentoo-pr] [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM] by Ferris McCormick

Well, it's surely worth taking a look at it and maybe try to establish
a good relationship with them, porting things back, etc.

Btw, would it perhaps make sense to have a mailing list for people using
Gentoo as part of their business? Just thought that providing such
people a "directer line" to us could be helpful for both sides.

On Friday, 01.08.2008, at 15:09 +0000, Ferris McCormick wrote:
> Most interesting. Perhaps of use to you?
>
> -------- Forwarded Message --------
> From: dante <dante@×××××××××××××××.net>
> Reply-To: gentoo-hardened@l.g.o
> To: gentoo-hardened@l.g.o
> Subject: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM
> Date: Fri, 01 Aug 2008 08:24:01 -0400
>
> Hi everyone,
>
> My students and I have started a new gnome-based desktop linux distro
> derived from hardened Gentoo. It may be of interest to people on this
> list.
>
> Tin Hat is pretty much Gentoo, but it runs purely in RAM. It boots from
> CD or pen drive, but is not a liveCD in that it doesn't mount a file
> system from the boot device. Rather it copies its squashfs from CD to
> tmpfs in RAM. Booting is slow, it requires 4 GB of RAM or more, but it
> is lightning fast once up. ("emerge --sync" takes about a minute
> between a Tin Hat system offering portage, and one sync-ing from
> scratch. Firefox starts in about 1 second.)
>
> Tin Hat was started before the recent coldboot attacks. Within the
> limit of such attacks, Tin Hat aims at "zero information loss" if
> physical access is obtained to a system which is powered down. We add
> Ruusu's loop-aes patch to the kernel so that any hard drives are mounted
> using one of the best implementations of block cipher encryptions we
> know of. During power up, Tin Hat uses GRSEC/PaX hardening to hedge
> against all the usual attacks. We are now thinking about our own patch
> to obfuscate data in RAM to protect against coldboot --- but to be
> honest, we think we can only make it harder, not impossible.
>
> Tin Hat is stable. We run 6 systems persistently on clean power and
> have typical up times of a couple of months.
>
> We never intended on releasing Tin Hat, but the students love it so much
> (the speed!) we thought of announcing it on freshmeat. I thought I'd
> post to this list because it is a successful implementation of
> hardened Gentoo.
>
> Home page: http://opensource.dyc.edu/tinhat
> Freshmeat: http://freshmeat.net/projects/tinhat
>
> Anthony G. Basile
> Chair of Information Technology
> D'Youville College
> Buffalo NY 14201
>
> (716) 829-8197
>
>
> Regards,
> Ferris
>
--
-------------------------------------------------------
Tiziano Müller
Gentoo Linux Developer
Areas of responsibility:
Samba, PostgreSQL, CPP, Python, sysadmin
E-Mail : dev-zero@g.o
GnuPG FP : F327 283A E769 2E36 18D5 4DE2 1B05 6A63 AE9C 1E30

Attachments

File name MIME type
signature.asc application/pgp-signature