Gentoo Hardened Goals for 2005:

Hardened Toolchain:
- A review of the current approach that the hardened toolchain takes is needed. There may be ways to strengthen the current implementation or areas of code that can be cleaned up to allow changes to be pushed upstream more easily.
- As a lingering effect of the previous hardened toolchain, many ebuilds currently filter hardened CFLAGS such as -fPIC and -fstack-protector. Work can now be devoted to reviewing those packages and seeking alternate solutions to the filters. Also, the hardened code in flag-o-matic.eclass should be reviewed and possibly rewritten.
- Introduce amd64/sparc64/ppc stages. More hardware support can be covered in the future if we acquire hardware to support them.

Access Control Systems:

  Grsecurity
  - Documents regarding Grsecurity are currently a major need. The existing Grsecurity2 document needs to be converted to Handbook XML. Also, a document detailing the RBAC system in more detail is needed.

  SELinux
  - Strengthen and extend current policies.
  - Extend support to more architectures.
  - Policy module support.
  - Additional Daemon Policies.

  RSBAC
  - Bring policy support tool to Gentoo packages.
  - Develop default Gentoo policies with policy support tool.
  - Enhance current documentation, and possibly add documentation about desktop RSBAC.

Documentation:
- The Hardened Gentoo Project is currently very lacking in documentation. The hardened toolchain needs to be documented fully, and older documents that have a relationship to the toolchain need to be updated, such as the SSP, PIE, and PIC documents. Also, comparative documents should be written to explain the choices that Hardened Gentoo has made in deciding which security tools to support and which not to support.

Recruitment:
- The Hardened team is in need of more members. Users who take a proactive approach to finding places for improvement and filling in the holes will be noticed and probably recruited.
- A new Hardened Committee needs to be elected when current terms expire this year.

Release Engineering:
- Introduce a LiveCD geared towards issues relating to Hardened such as penetration testing, trojan detection, rescue utilities, etc.
- Continue to support and improve our 2.4.x and 2.6.x kernel patchsets.
- Continue down the path of aiming and maintaining self-sufficiency for the Hardened project.

Public Relations:
- Improved efforts are needed to promote hardened technologies outside of the Gentoo project alone. Also, improved awareness of the Hardened project within Gentoo itself is needed.

--
Adam Mondl <[EMAIL PROTECTED]>
