Solar Designer on Openwall
Demonfly writes to tell us that Solar Designer, who some would argue is one of the more respected security experts on the net, took the time to answer a few questions about the future of Openwall, the security enhanced GNU/Linux distro. From the interview: "There's real demand specifically for security-enhanced Linux systems. Linux is widespread, it has good hardware support, there's a lot of software available for it (including some commercial packages), and there are system administrators with specific Linux skills. Of course, OpenBSD and other *BSDs have their user bases, too - and people are working on the security of those systems. No, Linux (the kernel) is not a better choice than *BSDs security-wise. But it is not substantially worse either."
Re:Disagree (Score:2)
What I'd gladly see in the Linux world: userspace transparent jailing (meaning I could run my applications without endangering the rest of the system). I could give the application read access where it needs to read, hide files that it doesn't need to know about, and not let it write a thing except the directory that it runs in. Sure ru
Real question (Score:5, Informative)
The Openwall patches for 2.4 do the following three really useful things. Hardware compatibility is pushing me to 2.6, but I'd sure like to have the patches:
Non-executable stack (defeats most buffer-overflow attacks)
Restricted links and FIFOs in
Restricted
got it already (Score:3, Informative)
Rather than restricting
You can restrict
Re:got it already (Score:3, Interesting)
Then why does the stacktest.c program from openwall succeed in simulating a buffer overflow in SuSE Enterprise 9 with kernel 2.6.15.6?
You can restrict
Yeah? Which?
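An added example, written for this page and not Openwall's stacktest.c nor code from any poster above, that probes the property the "got it already" thread is arguing about: whether bytes placed in a stack buffer can be executed. It copies a single architecture-specific ret instruction into an automatic array, calls it, and traps the resulting SIGSEGV; an anonymous PROT_EXEC mapping serves as a positive control so that "not executable" on the stack is not confused with a broken probe. On 64-bit Linux with a current GCC or Clang the stack comes back non-executable: the linker emits a PT_GNU_STACK header without the X flag and the kernel honours it using the CPU's NX bit. The Openwall 2.4 patch enforced the same thing on 32-bit x86 that had no NX bit at all, which is the gap a stock kernel cannot close on hardware or kernel builds without NX support. Assumed: Linux, x86/x86-64 or AArch64, GCC or Clang; the function and variable names are mine.

```c
/* stackprobe.c - added example, not Openwall's stacktest.c.
 * Tests whether the process may execute code from (a) an automatic stack
 * buffer and (b) an anonymous PROT_EXEC mapping (positive control).
 * Assumes Linux on x86/x86-64 or AArch64, built with GCC or Clang. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Encoding of a bare "return" instruction for the target architecture. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_INSN[] = { 0xc3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char RET_INSN[] = { 0xc0, 0x03, 0x5f, 0xd6 }; /* ret, little-endian */
#else
#error "unsupported architecture for this demo"
#endif

static sigjmp_buf fault_env;

/* Executing a non-executable page raises SIGSEGV; jump back to the probe. */
static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* Write RET_INSN at addr (must be 4-byte aligned on AArch64) and call it.
 * Returns 1 if the instruction executed and returned, 0 if the CPU faulted. */
int probe_exec(void *addr)
{
    struct sigaction sa, old_segv, old_bus;
    volatile int executed = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    memcpy(addr, RET_INSN, sizeof RET_INSN);
    /* AArch64 has split caches: make the freshly written bytes visible to
     * instruction fetch. A no-op on x86. */
    __builtin___clear_cache((char *)addr, (char *)addr + sizeof RET_INSN);

    if (sigsetjmp(fault_env, 1) == 0) {
        void (*fn)(void);
        memcpy(&fn, &addr, sizeof fn); /* object->function pointer without a cast warning */
        fn();                          /* faults here if the page is not executable */
        executed = 1;
    } else {
        executed = 0;                  /* arrived via siglongjmp from on_fault */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return executed;
}

/* The buffer has automatic storage, so it lives on this thread's stack. */
int stack_is_executable(void)
{
    uint32_t stack_buf[16]; /* 4-byte aligned for the AArch64 encoding */
    return probe_exec(stack_buf);
}

/* Positive control: a page we explicitly asked to be executable.
 * Returns 1 on success, 0 if even this faults, -1 if mmap was refused. */
int rwx_mapping_is_executable(void)
{
    void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    int r = probe_exec(p);
    munmap(p, 4096);
    return r;
}

int main(void)
{
    int rwx = rwx_mapping_is_executable();
    printf("PROT_EXEC mapping executable: %s\n",
           rwx == 1 ? "yes" : rwx == 0 ? "no" : "mmap refused");
    printf("stack executable:             %s\n",
           stack_is_executable() ? "yes (no NX protection)" : "no");
    return 0;
}
```

Build with `gcc -O2 -o stackprobe stackprobe.c` and run it; `readelf -lW ./stackprobe | grep GNU_STACK` shows the flags the kernel uses (`RW` means non-executable). To see the unprotected case deliberately, relink with `-z execstack`: the kernel then maps the stack executable, which is exactly the situation a kernel-enforced non-executable stack refuses to honour.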
Re:got it already (Score:2)
SE Linux should do fine for restricting
Ask the good folks at sdf.lonestar.org about Linux. (Score:2)
I seem to recall reading that SDF -had- Linux, in a past life, but - after an intrusion - -now- use NetBSD or the like. They'd surely have something useful to say about Linux v BSD security.
Does anybody know any of their admins of the time to ask?
FYI: sdf.lonestar.org is a long-time "free" shell provider (I have NO pecuniary interest in their organisation).
openwall (Score:2, Interesting)
It is because of this that other projects were allowed to flourish, namely
Re:openwall (Score:1)
Yes.
That's why many (me included) use Openwall patches when rolling 2.4 kernels.
Feature-rich means "may be buggy" (or at least harder to review and apply).
I think trust is the keyword for this situation.
I trust Openwall.
Their patches work and do only a few simple but important things.
This is the Right Way in the Unix world.