New regression test suite for hardened environments & Hardened Debian proposals

New regression test suite for hardened environments & Hardened Debian proposals

[Lorenzo Hernandez Garcia-Hierro]

[-- Attachment #1: Type: text/plain, Size: 3017 bytes --]

Hi,

This is my first message on the list, so, let me do a brief presentation
of myself.

I'm a guy from Spain that launched a few months ago the Hardened Debian
project, i have limited knowledge on these things , and sure many of you
know many more than me, so, i think my approaches wouldn't be really
important, and i just come out to see, learn and hear from you, sharing
what i've already known and learning for the things i don't.

I want to announce that i've started a new regression tests suite, based
on paxtest, but adding more features to make it much more useful.

Original paxtest (by Peter Busser) is a regression tests suite for the
PaX kernel security enhancements (mainly the NOEXEC implementations and
also the ASLR stuff).

My one, still under development and not ready at all, supplies many more
features than paxtest, including but not limited to:

. FIPS 1402 compliance test for random numbers generation devices
(RNG,PRNG,TRNG,CSRNG...)
· Stack Smashing Protector / ProPolice detection & alocation routines.
	(i'm working on them, they are already implemented on Hardened Debian's
gcc wrapper)
· PIE support detection.
· Planning SELinux support...

I want to know if somebody is interested in contributing with this, i
need help to learn how to integrate some SELinux capabilities in it, and
also help in developing it as i don't get a lot of time with school,
"work", projects, etc.

I would comment also that i was talking with some people from the
Adamantix and Hardened Gentoo projects about an initiative i had in mind
for many time since i'm leading on Hardened Debian.

I was thinking in the possibility of setting up, managing and supporting
a SF.net-like (free projects hosting for those who are under open
source/free software licenses) site for software-security related
projects, promoting the collaboration between the developers of each
project and also the development of standards to assure that projects
could share their work with time wasting, and also assuring the
interoperability between them and their work.

For example i use the SSP/ProPolice case.Many projects have their own
implementation of it: inside Glibc, inside libgcc...and there's the
possibility of using another implementation that has no crappy
restrictions like libgcc's one or Glibc's one, the libssp, implementing
SSP as a library that could be used with GCC and SPECS files to compile
SSP-ready binaries without the problems gathered by the others:
backwards incompatibility, incompatibility between different project
packages (for ex. between Adamantix and Hardened Debian , but this is
not proved yet).That would mean a "standarized solution" and it's what
i'm looking for.

Thanks in advance for your attention reading this boring bunch of text
and cheers ;-)

-- 
Lorenzo Hernández García-Hierro [1024D/6F2B2DEC]
Hardened Debian head developer & project manager.
http://www.debian-hardened.org | http://lorenzo.debian-hardened.org

[-- Attachment #2: Esta parte del mensaje está firmada digitalmente --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: New regression test suite for hardened environments & Hardened Debian proposals

[Luke Kenneth Casson Leighton]

On Mon, Nov 29, 2004 at 09:07:08PM +0100, Lorenzo Hernandez Garcia-Hierro wrote:

> Original paxtest (by Peter Busser) is a regression tests suite for the
> PaX kernel security enhancements (mainly the NOEXEC implementations and
> also the ASLR stuff).
 
 great: it's about time debian got a hardened distro - one that was
 accepted by the ftp maintainers.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: New regression test suite for hardened environments & Hardened Debian proposals

[Lorenzo Hernandez Garcia-Hierro]

[-- Attachment #1: Type: text/plain, Size: 766 bytes --]

Hi Luke,

El mar, 30-11-2004 a las 21:39 +0000, Luke Kenneth Casson Leighton
escribió:
> On Mon, Nov 29, 2004 at 09:07:08PM +0100, Lorenzo Hernandez Garcia-Hierro wrote:
> 
> > Original paxtest (by Peter Busser) is a regression tests suite for the
> > PaX kernel security enhancements (mainly the NOEXEC implementations and
> > also the ASLR stuff).
>  
>  great: it's about time debian got a hardened distro - one that was
>  accepted by the ftp maintainers.

Yes, but it must be right-managed and developed, with Debian policies in
mind.

I hope we will get their attention after Sarge's release.

Cheers,
-- 
Lorenzo Hernández García-Hierro [1024D/6F2B2DEC]
Hardened Debian head developer & project manager.
http://www.debian-hardened.org 

[-- Attachment #2: Esta parte del mensaje está firmada digitalmente --]
[-- Type: application/pgp-signature, Size: 189 bytes --]