Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 28 Aug 2011 12:42:12 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Owl 4.0 priorities

Solar,

This is my very rough Owl 4.0 plan ordered by the significance:

* GCC update.  Look at the work done by Georgi, probably continue it or
  start from scratch.

* SYSLINUX packetizing.  Make installer use it instead of LILO.

* Big Kernel Update to RHEL6/OpenVZ.  Identify which new CONFIG_* are
  needed for Owl, which are OK to skip, which are needed for modern
  distro run as containers (like cgroups stuff) which need prior code
  review, etc. etc.

* Solve CD space issue.  Decide to either switch to DVD, or use
  compressed fs for Live CD, or remove (part of) sources from CD.

* Backport hardening kernel stuff from upstream Linux and from
  NACK'ed/pendind RFCs.

* Identify what userspace hardening can be achieved from the updated
  toolchain.  Likely enable everything for networking programs.
  Probably enable them in defaults (like Ubuntu does).

* IPv6.  Identify which kernel features are mandatory for userspace IPv6,
  which are desirable/optional.  Enable IPv6 support in init scripts.
  Identify which packages need a simple passing --with-ipv6 to
  ./configure, which don't support it.  Packetize IPv6 related stuff
  (radvd?).  Identify sane sysctl defaults.

* Packetize new stuff / update existing.  ppp*, network sniffing tools,
  LAMP, parted, etc.

* Repository setup (apt?).


These are likely to be mixed during the process.  However there are some
rather strong dependencies:

- Kernel update, IPv6, new tools, repository need MUCH space on CD.

- Kernel update, new tools likely need new gcc as some new software
  doesn't compile by our gcc 3.4.5.

- Kernel update, IPv6 need syslinux as our lilo's pseudy floppy is
  almost full.


So, I expect to make big changes in the list during the process :)

Thanks,

-- 
Vasiliy

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.