Mailing List Archive

Any help needed ?
Well, I have used Gentoo for some years now... and I feel that the time has come to participate a bit in this project.
Thus I would like to know if there is some interesting work to do here in the hardened project...

The fact is that I will have free time from January, for at least two months, so I am beginning to gather some information to choose which project I will participate in.
Thanks,

Anthony.
Re: Any help needed ? [ In reply to ]
On 09/02/2013 02:49 PM, Zenon D'Elée wrote:
>
> Well, I have used Gentoo for some years now... and I feel that the time has come to participate a bit in this project.
> Thus I would like to know if there is some interesting work to do here in the hardened project...
>
> The fact is that I will have free time from January, for at least two months, so I am beginning to gather some information to choose which project I will participate in.
> Thanks,
>
> Anthony.
>

We can always use help. The best way to start is by squashing some bugs
for us. Go to bugs.gentoo.org and search for anything with "hardened"
in the subject line. You'll get a very mixed batch of bugs, from very
easy to very hard! Look through them and see if you find anything that
interests you.

Also join the IRC channel at Freenode #gentoo-hardened. You may want to
ask us which bugs are important or interesting for the project.

Thanks!

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
Re: Any help needed ? [ In reply to ]
Thanks for the answer, and yes, obviously this is the first place I will go.
My question was not precise enough; the following is maybe a bit more precise:
Are there any future improvements to the hardened project (other than bug squashing) that need help? For example, new software to incorporate into the hardened project?

Thanks.



Re: Any help needed ? [ In reply to ]
On Sep 3, 2013 10:32 PM, "Zenon D'Elée" <pid3.14159265@yahoo.fr> wrote:
>
> Thanks for the answer, and yes, obviously this is the first place I will go.
> My question was not precise enough; the following is maybe a bit more precise:
> Are there any future improvements to the hardened project (other than bug squashing) that need help? For example, new software to incorporate into the hardened project?

There are many hardening aspects still untouched, but might not be easy to
implement out of the blue. I'm thinking about mandatory access controls
like SMACK or TOMOYO. Or dm-verity for block-level integrity.

Wkr,
Sven
Re: Any help needed ? [ In reply to ]
On 09/04/2013 01:29 AM, Sven Vermeulen wrote:
> out of the blue

No! No more will be implemented "out of the blue" until he is well rested!

I would try SMACK because it uses xattrs to store labels, like selinux
and the new pax flags. It might be something we could roll in with what
we do now. I would prefer the pax flags model (labelling from within
an ebuild on an ad hoc basis) rather than selinux's model which is to
have a new category in portage for the policies. I'm not familiar with
SMACK so this may not be easy/possible. Also, I think rsbac, selinux
and SMACK are all going to be mutually exclusive.

Finally, kensington has apparmor, but I don't know the state of its
implementation.

If we continue with mutually exclusive security models (or more like
partially mutually exclusive) we'll need documentation on what the pros
and cons are of each. Someone could start there with the wiki.


--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
Re: Any help needed ? [ In reply to ]
Hi Sven, SMACK seems very interesting and far more complicated than SELinux. What kind of implementation are you thinking about regarding SMACK?
Anthony.




Re: Any help needed ? [ In reply to ]
On 09/04/2013 08:03 AM, Zenon D'Elée wrote:
> Hi Sven, SMACK seems very interesting and far more complicated than SELinux. What kind of implementation are you thinking about regarding SMACK?
> Anthony.
>

I would first figure out how to get SMACK working on a vanilla gentoo
system manually and then figure out how to get portage (or other gentoo
tools) to automate what you did manually.


--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
Re: Any help needed ? [ In reply to ]
Just reading my previous post: what I wanted to say is "SMACK far less complicated than SELinux..."!
Anyway, yes, the suggestion of Anthony G. is a good start. I am maybe too optimistic regarding SMACK, but it does not seem that complicated.




Re: Any help needed ? [ In reply to ]
Zenon, join the IRC chat room on Freenode. #gentoo-hardened. You'll
see what we're up to and be able to start contributing.

On 09/04/2013 03:14 PM, Zenon D'Elée wrote:
> Just reading my previous post: what I wanted to say is "SMACK far less complicated than SELinux..."!
> Anyway, yes, the suggestion of Anthony G. is a good start. I am maybe too optimistic regarding SMACK, but it does not seem that complicated.


--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197