Solar Designer on Openwall GNU/*/Linux

Solar Designer is one of the most important security experts on the Net. He developed the famous Unix password cracker John the Ripper and popa3d, a secure POP3 daemon, but also a security-enhanced GNU/Linux distro: Openwall GNU/*/Linux.
In this email interview I asked some questions about the present and future of this interesting GNU/Linux system.

1) First of all, why have you decided to create a security-enhanced Linux distro? Is Linux a better choice than OpenBSD and *BSD in general?

S.D. There’s real demand specifically for security-enhanced Linux systems. Linux is widespread, it has good hardware support, there’s a lot of software available for it (including some commercial packages), and there are system administrators with specific Linux skills. Of course, OpenBSD and other *BSDs have their user bases, too - and people are working on the security of those systems.
No, Linux (the kernel) is not a better choice than *BSDs security-wise. But it is not substantially worse either.

2) Owl 2.0 uses a patched 2.4.32 kernel. Is this because the 2.6 kernel is still considered insecure?

S.D. Not quite. Rather it’s because we have only invested our time in reviewing, patching, and fully supporting 2.4.x kernels so far, and we couldn’t change the major kernel version shortly before making a stable release of Owl.

3) Can you explain why Owl uses separate shadow files to store users’ passwords?

S.D. This is explained in the tcb(5) man page on Owl and also in our presentation slides [http://www.openwall.com/presentations/Owl/].

This alternative password shadowing scheme makes it possible for users to change their own passwords without having to run a root-privileged program. On Owl, the “passwd” program is not SUID root; rather, it is granted just enough privilege to enforce a password policy. This and our other security enhancements make it possible to run a perfectly functional Owl system without a single SUID root program.

4) Postfix, popa3d, BIND. Why didn’t you include security-enhanced versions of Apache, PHP, and MySQL?

S.D. Apache is planned for future versions of Owl. PHP and MySQL will likely be in unsupported Owl add-ons, along with other software. We’d like to keep the Owl base system small, and limited only to software for which we can guarantee a certain level of quality.

5) Do you plan to add a package/update manager like Yum in the next release of Owl?

S.D. Owl has a package manager - it’s RPM - although we dislike RPM for its low code quality and code bloat. Yes, we’re considering introducing an auto-updater such as yum, although this is not specifically “planned”. I don’t think it is currently at all hard to update Owl systems. It’s a matter of running the lftp “mirror” command (to retrieve any updated packages) followed by a “make installworld”. There are, however, other reasons in favor of the introduction of an auto-updater such as yum - e.g., integration with OpenVZ.

6) What features are you currently working on for the next release?

S.D. We’re currently in the process of defining the roadmap for the next release. We’ve identified many potential areas to work on, of which we’ll only pick a few for the next release - in addition to all the usual updates to new software versions.
