The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: suid programs and security


  The next logical extention is the design of a secure firewall gateway.
 I had similar thoughts few months ago, but with much tighter security:
 ethernet boot, read-only partitions, only essential commands, no user 
 logins, monitoring, remote logging, slimed-down progs, secure mail
 exchange, etc.

  This is a desired commercial product, maybe Debian wants to get there first.
 Having read plenty of security books, I realized that it is simply looong
 (and hard?) to be done by any person and, especially if upgradability is
 important. I will be intrested only if it is going to be a genuine
 super-paranoia gateway project.



Ioannis Tambouras 
ioannis@flinet.com, West Palm Beach, Florida
Signed pgp-key on key server. 


> I would like to know if their people out there wanting to work on a 
> "especially secure" distribution of Debian? It will be base on the free 
> packages (including non-us) around there, carefully choice and tested to 
> give a more secure debian system. *EXAMPLES* of main lines:
> 
> * Packages must be certified by a special key.
> * Support of shadow and may be PAM
> * Support of cfs/tcfs on the system.
> * Special configuration to allow more security.
> * Special support of firewall
> * Special cron jobs to check if the system wasn't compromised (sorry I 
> can't find a more accurate word)
> * Warn about installation of unsecure software (such as doom, or 
> some shell without security certification)
> * Special security support (including releasing us own security patch and 
> comments)
> 
> They're just examples and I'm really *not* a security expert but I would 
> like to be part of this project if they're one. May be can we get a C3 
> authentification *with* network. CFS is surely more secure then other 
> *supposely* secured FS ;).
> 
> 
> 
> 
> --
> Please respect the confidentiality of material on the debian-private list.
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
> 
> "especially secure" distribution of Debian? It will be base on the free 
> packages (including non-us) around there, carefully choice and tested to 
> give a more secure debian system. *EXAMPLES* of main lines:
> 
> * Packages must be certified by a special key.
> * Support of shadow and may be PAM
> * Support of cfs/tcfs on the system.
> * Special configuration to allow more security.
> * Special support of firewall
> * Special cron jobs to check if the system wasn't compromised (sorry I 
> can't find a more accurate word)
> * Warn about installation of unsecure software (such as doom, or 
> some shell without security certification)
> * Special security support (including releasing us own security patch and 
> comments)
> 
> They're just examples and I'm really *not* a security expert but I would 
> like to be part of this project if they're one. May be can we get a C3 
> authentification *with* network. CFS is surely more secure then other 
> *supposely* secured FS ;).
> 


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com