Well, it's surely worth taking a look at it and maybe trying to establish
a good relationship with them, porting things back, etc.

Btw, would it perhaps make sense to have a mailing list for people using
Gentoo as part of their business? Just thought that providing such
people a "directer line" to us could be helpful for both sides.

On Friday, 01.08.2008, at 15:09 +0000, Ferris McCormick wrote:
> Most interesting. Perhaps of use to you?
>
> -------- Forwarded Message --------
> From: dante <dante@×××××××××××××××.net>
> Reply-To: gentoo-hardened@l.g.o
> To: gentoo-hardened@l.g.o
> Subject: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM
> Date: Fri, 01 Aug 2008 08:24:01 -0400
>
> Hi everyone,
>
> My students and I have started a new gnome-based desktop linux distro
> derived from hardened Gentoo. It may be of interest to people on this
> list.
>
> Tin Hat is pretty much Gentoo, but it runs purely in RAM. It boots from
> CD or pen drive, but is not a liveCD in that it doesn't mount a file
> system from the boot device. Rather it copies its squashfs from CD to
> tmpfs in RAM. Booting is slow, it requires 4 GB of RAM or more, but it
> is lightning fast once up. ("emerge --sync" takes about a minute
> between a Tin Hat system offering portage, and one sync-ing from
> scratch. Firefox starts in about 1 second.)
>
> Tin Hat was started before the recent coldboot attacks. Within the
> limit of such attacks, Tin Hat aims at "zero information loss" if
> physical access is obtained to a system which is powered down. We add
> Ruusu's loop-aes patch to the kernel so that any hard drives are mounted
> using one of the best implementations of block cipher encryptions we
> know of. During power up, Tin Hat uses GRSEC/PaX hardening to hedge
> against all the usual attacks. We are now thinking about our own patch
> to obfuscate data in RAM to protect against coldboot --- but to be
> honest, we think we can only make it harder, not impossible.
>
> Tin Hat is stable. We run 6 systems persistently on clean power and
> have typical up times of a couple of months.
>
> We never intended on releasing Tin Hat, but the students love it so much
> (the speed!) we thought of announcing it on freshmeat. I thought I'd
> post to this list because it is a successful implementation of
> hardened Gentoo.
>
> Home page: http://opensource.dyc.edu/tinhat
> Freshmeat: http://freshmeat.net/projects/tinhat
>
> Anthony G. Basile
> Chair of Information Technology
> D'Youville College
> Buffalo NY 14201
>
> (716) 829-8197
>
>
> Regards,
> Ferris
>
--
-------------------------------------------------------
Tiziano Müller
Gentoo Linux Developer
Areas of responsibility:
Samba, PostgreSQL, CPP, Python, sysadmin
E-Mail : dev-zero@g.o
GnuPG FP : F327 283A E769 2E36 18D5 4DE2 1B05 6A63 AE9C 1E30