Some extensive system health monitoring
John Richard Moser
nigelenki at comcast.net
Tue Mar 15 00:51:22 CST 2005
Taco Witte wrote:
> On Tue, 08 Mar 2005 13:05:24 -0500, John Richard Moser
> <nigelenki at comcast.net> wrote:
>
>>Thibaut Varene wrote:
>>
>>>On Mon, 07 Mar 2005 23:10:53 -0500, John Richard Moser
>>><nigelenki at comcast.net> wrote:
>
> [snip]
>
>>>> - Firewall
>>>> - Allow remote firewall rule "modules" to be fetched to construct a
>>>> firewall of stock options (REQUIRE SIGNATURE)
>>>> - Allow on-site configuration of IP masquerading, routing, port
>>>> forwarding, and IP connection tracking
>>>> - Notify when firewall rule modules are updated and ask the user if
>>>> he wishes to update the firewall
>>>
>>>
>>>Not needed. No open port by default. The user starting to install
>>>server daemons and opening ports should know what he's doing. At most,
>>>I can imagine he'd be prompted for the security implications of his
>>>doing (as Mandrake does when you ask for installing Apache and the
>>>like)...
>>
>>Malware could open ports by itself. Do I need to write some and sneak
>>it on your computer one day, then sniff out your root password by
>>advanced social engineering?
>
>
> There's a feature in (I believe) grsecurity that disallows users to
> execute programs in insecure directories or with insecure permissions
> ("not installed by the administrator"). I think it would be very good
> at some stage to adopt this feature because it can prevent a lot of
> worms and malware from having any effect.
>
It's a pain in the ass. It will fuck up wine; you can't execute
programs in folders unless the programs and folders are root-owned and
`chmod go=`. I don't know how it knows to deny it when wine tries to
execute things; I'd assume the same way it would know if you `/lib/ld.so
/tmp/eatme` to run a program.
I've run TPE and it "mostly" works, but it did have noticeable
consequences that won't be fixed "over time." It's a really nasty
security model; however, it'd be great to have strict TPE (root owned
files in root owned folders) for servers. While I stand by PaX, linking
restrictions, some /proc restrictions, SSP, randomized PIDs and XIDs and
TCP stuff, and chroot() restrictions for the desktop, I really think TPE
and MAC (SELinux, GrSecurity RBAC) belong on servers.
> In general I agree that more such information for users would be a
> good thing. Maybe a DBUS protocol can be made for such messages
> (allowing those messages to offer the user to do some action or open a
> website). Using DBUS, this idea can be implemented in a distributed
> manner.
>
> Kind regards,
> Taco
>
--
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
Creative brains are a valuable, limited resource. They shouldn't be
wasted on re-inventing the wheel when there are so many fascinating
new problems waiting out there.
-- Eric Steven Raymond
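The trusted-path rule discussed above (a root-owned binary inside a root-owned directory that nobody else can write to), as an added userspace model of the policy; this is example code, not from the thread, grsecurity or Ubuntu. It assumes "writable by group or others" as the test rather than the full `chmod go=` the mail mentions, and it only illustrates the rule: a userspace wrapper is not an enforcement point, which is exactly why a real TPE lives in the kernel at exec time.

```python
import os
import stat
from dataclasses import dataclass

# Constructed model of the Trusted Path Execution (TPE) rule from the thread:
# a program may run only if the binary and its directory are root-owned and
# neither is writable by group or others. Illustrative only; real TPE is
# enforced by the kernel when a program is executed.

TRUSTED_UID = 0  # root


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def _group_or_other_writable(mode: int) -> bool:
    """True if the mode bits grant write access to group or others."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def tpe_policy(file_uid: int, file_mode: int, dir_uid: int, dir_mode: int) -> Verdict:
    """Pure policy check over already-collected owner and mode bits.

    The directory is checked first: an untrusted directory makes the
    ownership of anything inside it meaningless, since a writer could
    replace the file.
    """
    if dir_uid != TRUSTED_UID:
        return Verdict(False, "directory not owned by root")
    if _group_or_other_writable(dir_mode):
        return Verdict(False, "directory writable by group/others")
    if file_uid != TRUSTED_UID:
        return Verdict(False, "binary not owned by root")
    if _group_or_other_writable(file_mode):
        return Verdict(False, "binary writable by group/others")
    return Verdict(True, "trusted path")


def tpe_allows(path: str) -> Verdict:
    """Apply tpe_policy to a real path, resolving symlinks as exec would."""
    real = os.path.realpath(path)
    st_file = os.stat(real)
    st_dir = os.stat(os.path.dirname(real))
    return tpe_policy(st_file.st_uid, st_file.st_mode, st_dir.st_uid, st_dir.st_mode)


if __name__ == "__main__":
    print(tpe_allows("/bin/sh"))  # on a stock system: allowed, "trusted path"
```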
More information about the ubuntu-devel mailing list