Re: Hardening

[ng0]

Ricardo Wurmus <address@hidden> writes:

> Leo Famulari <address@hidden> writes:
>
>> On Tue, Jan 24, 2017 at 08:56:48PM +0000, ng0 wrote:
>>> Leo Famulari <address@hidden> writes:
>>> > Should we build Tor with "--enable-expensive-hardening"?
>>>
>>> I will take a look later what can be applied other than the
>>> default configure flags.
>>>
>>> I'm all for hardening, but it seems that the first basic ideas
>>> for Guix are stuck in the idea state.
>>
>> As far as I can tell, --enable-expensive-hardening is specific to Tor,
>> so it's not relevant to the project of hardening all Guix packages.
>>
>>> It would be great to see some movement on this during this
>>> year. I volunteer to help with it, though I don't have as much
>>> experience with SELinux (and only basic experience with
>>> GrSecurity without a modular kernel like GuixSD uses).
>>
>> Yes, this effort needs a champion.
>
> I know SELinux and I have a couple of almost-ready packages for it.  The
> bigger problem for us is writing SELinux policies, because we cannot
> just use those from Fedora.

Oh, this is good to hear!

> SELinux policies are applied to file paths (which are not stable in
> Guix) and are “remembered” using extended file attributes.  This means
> we’d have to write policies that can deal with arbitrary prefixes and
> we’d have to add an optional service to automatically label all store
> items (that’s expensive but maybe it can be done incrementally).

Oh.

> However, this is completely separate from enabling a configure flag for
> Tor.

That's why I changed the subject of the email, I am aware that
this has nothing to do with tor configure-flags.

-- 
♥Ⓐ  ng0 -- https://www.inventati.org/patternsinthechaos/