Date: Thu, 22 Aug 2013 12:09:27 +0200
From: John Spencer <maillist-owl@...fooze.de>
To: owl-dev@...ts.openwall.com
Subject: some issues encountered in Owl-3_0-stable-20130408-i686.iso.gz

yesterday i did an owl test install in order to compare its filesystem 
permissions with that of my own distribution i'm working on.
i encountered a couple of (mostly minor) issues, which i'm documenting 
here... feel free to ignore.

1) when run in VirtualBox with default settings, the kernel will detect 
a non-SMP system and lock up after some PCI diagnostic messages.
assigning more than one CPU to the VM fixes that.

2) the documentation says that for installation "setup" and "settle" 
should be used. however settle does not detect changes done using setup, 
so you end up having to assign a root password twice.
i also changed my keyboard layout with setup, (and not in settle), so
after the install my keyboard layout was still USA, which came as a 
surprise (detected when the ":" did not work, so i couldn't exit vi).

3) the passwd utility does not allow setting a weak password.
i understand that it somehow makes sense to enforce good security,
but OTOH on test installations that will never ever connect to a real
ethernet cable you really don't want a 20 letter password.
in my sysadmin past, more than 90% of linux installs were test 
installations.
i ended up copy/pasting a weak password hash manually into 
/etc/tcb/root/shadow...
imo there should be a way to make passwd do what the admin wants without 
forcing him to edit the shadow file.

4) after the install, the Owl documentation is nowhere to be found.
apparently it's only on the CD-ROM media. imo it should be installed on 
hdd and the /etc/motd as well.

5) adduser user ; su user
bash: /root/.bashrc: Permission denied

6) very old find utility
i used the following command to search for world writable files:
find / ! -type l -perm -002  2>/dev/null

turned out that the ancient installed version does not even support the 
! type syntax, so it appeared as if Owl has no world-writable files at 
all...
(btw, even current busybox find supports all options in that find statement)

7) very old gcc
it's not even possible to build a kernel with a GCC that old.
and indeed when looking at 
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/kernel/linux-2.6.18-348.3.1.el5.028stab106.2-owl.diff?rev=1.1.2.2;content-type=text%2Fplain
it appears as if a good part of the patch is compiler version 
workarounds. while i personally like having a patch for old gcc versions 
and a recent kernel, in this case it only adds unwanted noise to the 
patch. but then, maybe there's a better place to look for the single 
patches openwall applies to the kernel (lots of small topic patches) ?

8) lacking the documentation after the system was installed,
i tried to find out how to install a usable editor (gnu nano).
as it's an rpm based install, i tried to use yum, but it is not
existent. my suggestion is to create yum as a shell script
which just prints the right information how to install stuff on owl.
$ yum install nano
this system uses XXX for package install, try XXX install nano instead.

9) since nano is the default editor in debian and ubuntu, i think owl
should ship it in the default install as well.
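
Item 6 describes a permission audit whose empty output could not be told apart from a find that rejected the expression, because stderr went to /dev/null. The sketch below is an added example, not part of the original message or of Owl: it runs the same expression but keeps find's stderr and exit status, so "no world-writable files" is only reported after a clean run. The names ww_audit, ww_demo and FIND are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. ww_audit, ww_demo and the
# FIND variable are names chosen for this sketch.
FIND=${FIND:-find}

# List world-writable non-symlinks under $1.
# Returns 0 = matches printed, 1 = clean run with no matches,
#         2 = find failed or printed errors, so the listing is not trustworthy.
ww_audit() {
    root=$1
    errlog=$(mktemp) || return 2
    # Keep stderr in a file instead of discarding it with 2>/dev/null.
    out=$("$FIND" "$root" ! -type l -perm -002 2>"$errlog") && status=0 || status=$?
    if [ "$status" -ne 0 ] || [ -s "$errlog" ]; then
        echo "ww_audit: '$FIND' exited $status; output is incomplete:" >&2
        cat "$errlog" >&2
        rm -f "$errlog"
        if [ -n "$out" ]; then printf '%s\n' "$out"; fi
        return 2
    fi
    rm -f "$errlog"
    if [ -z "$out" ]; then return 1; fi
    printf '%s\n' "$out"
}

# Constructed sample tree: one world-writable file, one private file,
# and a symlink that must not be reported.
ww_demo() {
    d=$(mktemp -d) || return 2
    touch "$d/open" "$d/private"
    chmod 666 "$d/open"
    chmod 600 "$d/private"
    ln -s open "$d/link"
    ww_audit "$d" | sed "s|^$d/||"
    rm -rf "$d"
}
```

Exit status 2 also covers runs where find could not read part of the tree, which is itself worth knowing before comparing two systems' permissions.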

