Date: Sun, 28 Aug 2011 12:42:12 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Owl 4.0 priorities

Solar,

This is my very rough Owl 4.0 plan ordered by the significance:

* GCC update.  Look at the work done by Georgi, probably continue it or
  start from scratch.

* SYSLINUX packetizing.  Make installer use it instead of LILO.

* Big Kernel Update to RHEL6/OpenVZ.  Identify which new CONFIG_* are
  needed for Owl, which are OK to skip, which are needed for modern
  distro run as containers (like cgroups stuff) which need prior code
  review, etc. etc.

* Solve CD space issue.  Decide to either switch to DVD, or use
  compressed fs for Live CD, or remove (part of) sources from CD.

* Backport hardening kernel stuff from upstream Linux and from
  NACK'ed/pending RFCs.

* Identify what userspace hardening can be achieved from the updated
  toolchain.  Likely enable everything for networking programs.
  Probably enable them in defaults (like Ubuntu does).

* IPv6.  Identify which kernel features are mandatory for userspace IPv6,
  which are desirable/optional.  Enable IPv6 support in init scripts.
  Identify which packages need a simple passing --with-ipv6 to
  ./configure, which don't support it.  Packetize IPv6 related stuff
  (radvd?).  Identify sane sysctl defaults.

* Packetize new stuff / update existing.  ppp*, network sniffing tools,
  LAMP, parted, etc.

* Repository setup (apt?).


These are likely to be mixed during the process.  However there are some
rather strong dependencies:

- Kernel update, IPv6, new tools, repository need MUCH space on CD.

- Kernel update, new tools likely need new gcc as some new software
  doesn't compile by our gcc 3.4.5.

- Kernel update, IPv6 need syslinux as our lilo's pseudo floppy is
  almost full.


So, I expect to make big changes in the list during the process :)

Thanks,

-- 
Vasiliy
