AW: [discuss] secure server

From: Stephan Eck (Heintze.Eckt-online.de)
Date: Thu Mar 25 2004 - 11:10:57 CST


Hi Vincent,

I'm really interested in learning more about securing a Mandrake-based
server, so please keep me up to date.

I think that tools preventing buffer overflows (like the W^X feature in
OpenBSD) at the operating system level are very important, because
applications will always be vulnerable to this kind of attack.

Have you integrated such a feature in your project?

Best regards
Stephan

-----Original Message-----
From: Vincent Danen [mailto:vdanenmandrakesoft.com]
Sent: Wednesday, 24 March 2004 19:41
To: discussmandrakesecure.net
Subject: [discuss] secure server

Something that may interest some of you. I've been spending a few
months working on a side project which is a secure server based on
Mandrake. Essentially, it's Mandrake with some enhancements I think
are needed for a server OS (think Corporate Server with some nice
extensions). It's based on Mandrake 9.2 (you currently need a 9.2
system to bootstrap an upgrade). Don't want to let the cat out of the
bag too much, but it's nearing a "beta" stage. A few things are still
missing/incomplete, but it would be interesting to solicit some
opinions.

Note that this is not a Mandrake-sanctioned project; it's purely a
personal "proof of concept" (currently) project. I got tired of using
Mandrake for servers and having to deal with the associated bloat and
some insecurities. This is definitely not something that could ever be
integrated into Mandrake proper because it's far too secure. =) Just
to get your tastebuds wet, some of the features include a
SELinux-enabled kernel (although this is not nearly complete as the
policies will take some time to write), gcc patched with IBM's SSP
stack protector patches, all system services running under djb's
supervise (and I do mean all; with the exception of autofs).

If you're interested in learning more, please drop me a note off the
list as this isn't really the place to discuss this. I'd be interested
in some response indicating some features you think are important in a
secure (GUI-less) Linux server. I'm hoping that, eventually, this
project may make the basis for a future Corporate Server release, but I
wouldn't hold my breath (might seem a little too divergent from
Mandrake's philosophy of easy-to-use, but who knows).

---
Mandrakesoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}