On Tue, 2014-01-28 at 20:29 +1100, Russell Coker wrote:
On Fri, 24 Jan 2014, Marko Randjelovic marko...@eunet.rs wrote:
I would also like this. Yesterday I started compiling 3.2.54 with grsec
and PaX. A ready debian kernel(-source) with grsec and PaX would be
fine. Currently I am
On Fri, 24 Jan 2014, Marko Randjelovic marko...@eunet.rs wrote:
I would also like this. Yesterday I started compiling 3.2.54 with grsec
and PaX. A ready debian kernel(-source) with grsec and PaX would be
fine. Currently I am distributing my special packages via my own
repository - is there
On 01/26/2014 01:30 PM, Andrew McGlashan wrote:
On 25/01/2014 7:39 PM, Emmanuel Thierry wrote:
Then DNSSEC appeared ! :)
I wish it was that simple I don't believe it is today, but one day
it will have to be the standard.
I remind you it is really difficult to compromise DNS zones
On Tue, Jan 28, 2014 at 2:08 PM, Hans-Christoph Steiner h...@at.or.at wrote:
I think the MITM attacks that the NSA does on the core internet routers are
likely based on IP rather than DNS. The reports talk about the system is
setup to respond before any of the real servers can. So my guess is
On 25/01/2014 7:39 PM, Emmanuel Thierry wrote:
Then DNSSEC appeared ! :)
I wish it was that simple I don't believe it is today, but one day
it will have to be the standard.
I remind you it is really difficult to compromise DNS zones protected by
DNSSEC, even if you have control on root
On 24 Jan 2014 at 14:17, Andrew McGlashan
andrew.mcglas...@affinityvision.com.au wrote:
Hi,
On 19/01/2014 6:30 AM, Marco Saller wrote:
i am not sure if this question has been asked or answered yet, please do not
mind if i would ask it again.
Is it possible that the NSA or other
On Wed, 22 Jan 2014 12:24:27 +1100
Russell Coker russ...@coker.com.au wrote:
The possibility of LSM hooks being used to hide a kernel rootkit is widely
cited. But most sysadmins aren't going to find a kernel rootkit anyway so
using a non-LSM security system for that reason is trading off
On 22 Jan 2014 20:40:12 +0100
Andreas Kuckartz a.kucka...@ping.de wrote:
Marko Randjelovic:
Octavio Alvarez alvar...@alvarezp.ods.org wrote:
I wouldn't worry about SELinux specifically.
As I already pointed out, there is something:
On Thu, 23 Jan 2014 15:41:57 +0100
Kevin Olbrich kolbr...@dolphin-it.de wrote:
A followup there links to the following bug, linux-2.6: [RFC] Add a grsec
featureset to Debian kernels:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090
This would of course be the real
Hi,
On 19/01/2014 6:30 AM, Marco Saller wrote:
i am not sure if this question has been asked or answered yet, please do not
mind if i would ask it again.
Is it possible that the NSA or other services included investigative software
in some Debian packages?
I've read all the posts so far in
Marko Randjelovic:
On Wed, 22 Jan 2014 12:24:27 +1100
Russell Coker russ...@coker.com.au wrote:
The possibility of LSM hooks being used to hide a kernel rootkit is
widely cited. But most sysadmins aren't going to find a kernel
rootkit anyway so using a non-LSM security system for that
On 25/01/14 00:17, Andrew McGlashan wrote:
It's virtually impossible to know one way or
another, we just have to have some faith and trust (perhaps too much of
one or both).
FWIW, agreed.
To lightly misquote a network engineering mate of mine...
Not entirely sure why anyone
On Wed, 22 Jan 2014 16:16:21 -0800
Andrew Merenbach and...@merenbach.com wrote:
I installed the i386 architecture and installed the `paxtest' suite. My
results were fairly disappointing, to be honest:
$ sudo paxtest blackhat
Executable anonymous mapping (mprotect) : Vulnerable
I don't say that we should not include software, which comes from the
government. I just wanted to note a possible vulnerability and an easy access
for the secret services to include software in linux.
If I only believed in the bad sides of people and their governments, I had
already stopped
On 23.01.2014 at 13:31, Marko Randjelovic marko...@eunet.rs wrote:
On Wed, 22 Jan 2014 16:16:21 -0800
Andrew Merenbach and...@merenbach.com wrote:
I installed the i386 architecture and installed the `paxtest' suite. My
results were fairly disappointing, to be honest:
$ sudo paxtest
On Sun, 19 Jan 2014 21:17:03 -0800
Andrew Merenbach and...@merenbach.com wrote:
I just decided to try this out the other day on my Wheezy 7.3 install.
It wasn't that painful and I haven't noticed any performance impact or
misbehaving (read: broken) programs, at least not yet. Then again, I
On Wed, 2014-01-22 at 15:01, Marko Randjelovic wrote:
On Sun, 19 Jan 2014 21:17:03 -0800
Andrew Merenbach and...@merenbach.com wrote:
I just decided to try this out the other day on my Wheezy 7.3 install.
It wasn't that painful and I haven't noticed any performance impact or
misbehaving
On Mon, 20 Jan 2014 09:22:04 -0800
Octavio Alvarez alvar...@alvarezp.ods.org wrote:
On 01/20/2014 05:29 AM, Marco Saller wrote:
I have read that the NSA proposed to include SELinux in linux 2.5. (Linux
Kernel Summit 2001)
Don't you think that may be one of their fancy tricks to gain
On Wed, 22 Jan 2014 15:08:39 +0100
Milan P. Stanic m...@arvanta.net wrote:
I found it a lot easier to go with vanilla kernel and grsec/pax patch
instead of using Debian kernels.
Of course, but then secret services won't see you are using Debian :)
--
Education is a process of making people
On 22.01.2014 at 15:13, Marko Randjelovic marko...@eunet.rs wrote:
On Wed, 22 Jan 2014 15:08:39 +0100
Milan P. Stanic m...@arvanta.net wrote:
I found it a lot easier to go with vanilla kernel and grsec/pax patch
On Jan 22, 2014, at 6:01 AM, Marko Randjelovic marko...@eunet.rs wrote:
It appears that this patch is available in the apt repos under the
kernel section (sensibly enough) as:
linux-patch-grsecurity2
Once it's downloaded, it patches the kernel in an automated fashion and
doesn't
Wouldn't this mean there is an error message? The patch could work with a newer
kernel in general (?).
I did not try it but are there so many changes between both releases?
Mit freundlichen Grüßen / best regards,
Kevin Olbrich.
(mobile, from iPhone)
--
This e-mail contains confidential and/or
On Jan 22, 2014, at 9:59 AM, Kevin Olbrich kolbr...@dolphin-it.de wrote:
Wouldn't this mean there is an error message? The patch could work with a
newer kernel in general (?).
I did not try it but are there so many changes between both releases?
Hi Kevin,
I just tried this an Debian with
Marko Randjelovic:
Octavio Alvarez alvar...@alvarezp.ods.org wrote:
I wouldn't worry about SELinux specifically.
As I already pointed out, there is something:
http://lists.debian.org/20140120005556.612de...@eunet.rs
And Russell Coker carefully explained in his reply to your mail why that
* Marco Saller:
i am not sure if this question has been asked or answered yet,
please do not mind if i would ask it again.
Is it possible that the NSA or other services included investigative
software in some Debian packages?
We don't reject contributions just because they come from a
On Jan 22, 2014, at 10:51 AM, Kevin Olbrich kolbr...@dolphin-it.de wrote:
Okay but this mismatch does not automatically mean it is not working.
Can you check if the features are present? Maybe the patch is still
compatible with a newer kernel?
Hi Kevin,
I installed the i386
On Sun, 19 Jan 2014, Marco Saller marcosal...@yahoo.de wrote:
i am not sure if this question has been asked or answered yet, please do
not mind if i would ask it again. Is it possible that the NSA or other
services included investigative software in some Debian packages?
It is possible that a
On Wed, 22 Jan 2014 12:24:27 +1100
Russell Coker russ...@coker.com.au wrote:
On Sun, 19 Jan 2014, Marco Saller marcosal...@yahoo.de wrote:
i am not sure if this question has been asked or answered yet, please do
not mind if i would ask it again. Is it possible that the NSA or other
I have read that the NSA proposed to include SELinux in linux 2.5. (Linux
Kernel Summit 2001)
Don't you think that may be one of their fancy tricks to gain access to
computers running linux? Some news websites also mention vulnerabilities
similar to this one.
It would be a great idea to include
On 01/20/2014 05:29 AM, Marco Saller wrote:
I have read that the NSA proposed to include SELinux in linux 2.5. (Linux
Kernel Summit 2001)
Don't you think that may be one of their fancy tricks to gain access to
computers running linux? Some news websites also mention vulnerabilities
similar
Is SELinux disabled on new debian installs?
Mit freundlichen Grüßen / best regards,
Kevin Olbrich.
Web: http://kevin-olbrich.de/
Kevin Olbrich:
Is SELinux disabled on new debian installs?
The SELinux packages are optional. The default kernel is configured so
that SELinux (or another LSM) can be enabled after the packages have
been installed.
Cheers,
Andreas
--
To UNSUBSCRIBE, email to
On 01/20/2014 12:22 PM, Octavio Alvarez wrote:
On 01/20/2014 05:29 AM, Marco Saller wrote:
I have read that the NSA proposed to include SELinux in linux 2.5. (Linux
Kernel Summit 2001)
Don't you think that may be one of their fancy tricks to gain access to
computers running linux? Some
Even if there would not be a manipulated software package - hardware
manipulation in mainboards or network hardware (like cisco does) is already
known.
Mit freundlichen Grüßen / best regards,
Kevin Olbrich.
(mobile, from iPhone)
Bjoern Meier:
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
I proposed this Debian Release Goal:
https://wiki.debian.org/ReleaseGoals/SELinux
Cheers,
Andreas
On 2014-01-18 21:04, Noah Meyerhans wrote:
On Sat, Jan 18, 2014 at 08:30:49PM +0100, Marco Saller wrote:
i am not sure if this question has been asked or answered yet,
please do not mind if i would ask it again. Is it possible that
the NSA or
On Sun, 19 Jan 2014 22:58:54 +0100
JKAbrams.se j...@jkabrams.se wrote:
...
And no, lest there be speculation, I have no information to this
effect, and from what I've learned of the open source community I
don't think this is likely, for many of us it's a kind of moral
calling that brought
On Sat, 18 Jan 2014 15:04:48 -0500
Noah Meyerhans no...@debian.org wrote:
On Sat, Jan 18, 2014 at 08:30:49PM +0100, Marco Saller wrote:
i am not sure if this question has been asked or answered yet, please do
not mind if i would ask it again.
Is it possible that the NSA or other services
On 19 Jan 2014 12:16:25 +0100
Andreas Kuckartz a.kucka...@ping.de wrote:
Bjoern Meier:
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
I proposed this Debian Release Goal:
https://wiki.debian.org/ReleaseGoals/SELinux
Cheers,
Andreas
SELinux security benefits are vague because
Hi,
I did not know about grsecurity. Thanks for the hint. After some quick browsing
it seemed it works like the windows code execution protection. I will try to
compile the kernel with this patch like you did.
Linux is the most secure OS IMHO - distributing this patch in debian would be
great
On Mon, Jan 20, 2014 at 7:27 AM, Celejar wrote:
A lot of people in this discussion seem to have your tacit assumption,
that the NSA and its tactics are fundamentally at odds with morality.
JFTR, many of us do not agree.
Could you explain the reason for your disagreement with this assumption?
On Mon, 20 Jan 2014 11:45:08 +0800
Paul Wise p...@debian.org wrote:
On Mon, Jan 20, 2014 at 7:27 AM, Celejar wrote:
A lot of people in this discussion seem to have your tacit assumption,
that the NSA and its tactics are fundamentally at odds with morality.
JFTR, many of us do not agree.
On 01/19/2014 04:06 PM, Kevin Olbrich wrote:
I did not know about grsecurity. Thanks for the hint. After some quick browsing
it seemed it works like the windows code execution protection. I will try to
compile the kernel with this patch like you did.
Linux is the most secure OS IMHO -
Marko Randjelovic:
SELinux security benefits are vague because it makes possible to
use its hooks to add a backdoor which would be nearly impossible
to detect:
https://www.rsbac.org/documentation/why_rsbac_does_not_use_lsm
https://grsecurity.net/lsm.php
SELinux, AppArmor, Smack and
Hey there,
i am not sure if this question has been asked or answered yet, please do not
mind if i would ask it again.
Is it possible that the NSA or other services included investigative software
in some Debian packages?
Mit freundlichen Grüßen / Best Regards / 谨致问候
Marco Saller
hi,
2014/1/18 Marco Saller marcosal...@yahoo.de:
Hey there,
i am not sure if this question has been asked or answered yet, please do not
mind if i would ask it again.
Is it possible that the NSA or other services included investigative software
in some Debian packages?
Mit freundlichen
Hi,
they don't need a real backdoor. They just need something that looks like a
programming error. Possible buffer overflow, . Whether they themselves
contributed the code or not, does not matter for them.
Franz
Bjoern Meier bjoern.me...@gmail.com wrote:
hi,
2014/1/18 Marco Saller
On 1/18/14, Marco Saller marcosal...@yahoo.de wrote:
Hey there,
i am not sure if this question has been asked or answered yet, please do not
mind if i would ask it again.
Is it possible that the NSA or other services included investigative
software in some Debian packages?
Hi, Marco..
On Sat, Jan 18, 2014 at 08:30:49PM +0100, Marco Saller wrote:
i am not sure if this question has been asked or answered yet, please do not
mind if i would ask it again.
Is it possible that the NSA or other services included investigative software
in some Debian packages?
It is absolutely
Hello,
This is a chance of 1 in 5.
I think there are ways we would never imagine yet. Just think of such a
possibility in qt and there would be thousands of zombie apps.
Mit freundlichen Grüßen / best regards,
Kevin Olbrich.
(mobile, from iPhone)
I would expect it to be root kit of some form, most likely to dwell in a
non-free repo.
On Sat, Jan 18, 2014 at 3:14 PM, Kevin Olbrich kolbr...@dolphin-it.de wrote:
Hello,
This is a chance of 1 in 5.
I think there are ways we would never imagine yet. Just think of such a
possibility in qt
51 matches