Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Mar 2012 21:09:57 +0400
From: gremlin@...mlin.ru
To: owl-dev@...ts.openwall.com
Subject: Re: Google Summer of Code 2012 (GSoC)

On 19-Mar-2012 09:26:34 +0200, Stanislav Uzunchev wrote:

 > Hi, all. I am applying quote from the ideas page on openwall's
 > site. My question is what is the priority of this task. I am
 > going to apply for gsoc and i want to chose a task with higher
 > priority to avoid preparing my application for something that
 > is not nescecary. Regards.
 > > Functionality available out of the box needs to be expanded in
 > > multiple ways, including:
 > > Need to have full LAMP stack in the base system. We need to add
 > > Apache, MySQL, PHP - and do so in accordance with our project
 > > concepts, which will include some security-relevant changes.

For now here's only one significant task, and it's the httpd code
audit. Now I'm working with 2.2 branch, and even have it running
with lower privileges, but possibly we could have a look at recently
published version 2.4.1 (and 2.4 branch in a whole).

 > > DHCP and PPP/PPPoE/PPTP client support (add userland packages,
 > > introduce privilege separation where needed)

Running `dhclient -1` at the boot time is generally safe, so only the
daemon mode should be checked (or disabled completely for now, as Owl
is the server platform, and the servers normally don't change addresses
like dirty socks). PPP and related services (PPPoE, PPTP) require much
more attention, primarily the thorough code audit (including kernel).

 > > Assorted extra packages that are in line with typical uses,
 > > concepts, and goals of Owl

One of those packages should be nginx: while the Apache httpd may be
running as a backend with lowered privileges and dealing with users'
buggy scripts, the nginx is normally set up as a caching frontend.
This solution is very effective (and, therefore, popular), so we'd
obviously need it.

If you feel you have enough skills for any of the above, it will be a
good choice.

 > > Support and setup a package repository (for easier updates),
 > > possibly with Zypper, yum, or apt

To me this task seems mostly administrative, not technical...

 > On Sat, Mar 17, 2012 at 4:41 AM, Solar Designer <solar@...nwall.com>
 > wrote:

- Because it messes up the order in which people normally read text.
- Why it is annoying?
- Top-posting.
- What is considered the most annoying thing in messages?


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin
<gremlin ПРИ gremlin ТЧК ru>
GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net
GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ