Date: Wed, 30 May 2018 10:01:30 +0200 From: Daniel Cegiełka <daniel.cegielka@...il.com> To: owl-users@...ts.openwall.com Subject: Re: Owl update 2018-05-24 22:21 GMT+02:00 Solar Designer <solar@...nwall.com>: > Hi, > > As some of you are aware, our Openwall GNU/*/Linux (Owl) project has > been on hold for a long while now, with its future unclear: > > http://www.openwall.com/lists/owl-users/2014/12/30/1 > First of all, I thank you and the Openwall team for all these years of your work. And yes, Owl's development has been stuck for several years and its future seems unclear. Let's start from the beginning. Why did you start Owl? I remember an interview with you (2002 or 2003). You said you started the Openwall project because every time you set a new server, you had to spend a lot of time to secure it. Owl was supposed to be secure out of box. During all these years, a very unique and secure userland was built as part of the Openwall project. The knowledge and experience that Openwall brings is even more valuable ("bringing security into open environments"). But can other Linux distributions be able to use Owl's experience? I do not think so. Even if they try, sooner or later they spoil everything by adding more suid files. Owl's userland is therefore very unique. Regarding to Owl's future. Currently, thanks to your cooperation with Salvatore Mesoraca, more and more solutions developed for the Owl's kernel begin to go to linux. I wonder if it would be sensible to use Owl userland also on other kernels. This would allow better use of the new hardware (eg. CPU's, amr64). In the past Owl was to be based on the RSBAC kernel. RSBAC still exists, being developed on new kernels (4.14). But I'm afraid, however, that it may be difficult for them to survive. SELinux is great, but unfortunately difficult to configure. AppArmor on the other hand is easy to use and it is more an extension of the DAC model, on which Owl heavily relies (eg. tcb, crontab). What do you think about the idea to use Owl userland on newer kernels? And which one (RSBAC, SELinux, AppArmor) in your opinion is the most suited to using with Owl userland? I'm interested in which solution you would use for yourself with Owl userland.  http://www.openwall.com/lists/kernel-hardening/2017/11/22/4  https://www.rsbac.org/ Thanks again, Daniel
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.