Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
-
fullmoonremix
Post#1
by fullmoonremix » 12 Jan 2016, 04:27
Salutations...
I decided to expand this post from "Derivatives" to a full blown thread...
Can you perhaps give me a real life scenario I can get my head around?
@brokenman... I revised my previous post.
Consider this real world example... OpenSSL has well documented exploits (because it's... "compromised by design?").
So this begs the question... if you reboot (w/ fresh mode) a compromised binary don't those compromises also reboot?
However... if sandboxed with patches and/or nanokernels the exploits can be eliminated and/or contained.
And any errors introduced by inferior and/or malicious code will NOT destablize/crash the system (hence... "fault tolerance").
http://forum.porteus.org/viewtopic.php? ... ned#p40847
Once again... (as previously indicated) Hardened Gentoo... Minix and AlpineLinux (Arch) use this approach.
Security-focused operating system
Address space layout randomization: Linux
Best Regards...
Posted by 73.150.85.78 via
http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 20 May 2016, 13:37, edited 1 time in total.
fullmoonremix
-
Evan
- Shogun
- Posts: 466
- Joined: 11 Apr 2016, 09:00
- Distribution: Distribution: *
Post#2
by Evan » 20 May 2016, 07:17
<removed>
Last edited by
Evan on 24 Jun 2016, 11:31, edited 1 time in total.
Evan
-
fullmoonremix
Post#3
by fullmoonremix » 20 May 2016, 11:37
Salutations...
Overhead is a nominal issue.
In a security onion... it's all about the layers because there is no panacea. So the more... the merrier.
"Best Regards"...
Posted by 73.150.85.78 via
http://webwarper.net
This is added while posting a message to avoid misusing the service
fullmoonremix
-
brokenman
- Site Admin
- Posts: 6105
- Joined: 27 Dec 2010, 03:50
- Distribution: Porteus v4 all desktops
- Location: Brazil
Post#4
by brokenman » 22 May 2016, 00:50
Once again... (as previously indicated) Hardened Gentoo... Minix and AlpineLinux (Arch) use this approach.
Care to explain exactly how hardened gentoo uses these concepts?
How do i become super user?
Wear your underpants on the outside and put on a cape.
brokenman
-
fullmoonremix
Post#5
by fullmoonremix » 22 May 2016, 01:17
Salutations...
When I speak of "sandboxing" my intended meaning is in the general sense.
Be it chroot... containers... MAC... VM... or anything else. Basically ANYTHING that restricts access.
Short version...
Hardened Gentoo uses
PaX /
Grsecurity (and more). Kernel hardening is all about
Fault tolerance and
Principle of least privilege .
(eg...your "zombied" USB flash drive controller should NOT be able to flash system firmware and if it tries it should NOT crash the system)
"Best Regards"...
Posted by 73.150.85.78 via
http://webwarper.net
This is added while posting a message to avoid misusing the service
fullmoonremix