[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Plan for Guix security (was Re: Long term plan for GuixSD security:
Re: Plan for Guix security (was Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support)
Wed, 26 Dec 2018 12:48:04 -0500
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
Alex Vong <address@hidden> writes:
> Hello everyone,
> For microkernel, sel4 being a formally verified microkernel (developed
> by security researchers?) looks promising to me. Maybe someday we can
> rebase hurd on top of it (replacing mach)...
I suppose it may be possible, but many of the original hurd developers
"concluded that microkernel design and system design are interconnected
in very intricate ways, and thus trying to use a third-party microkernel
will always result in trouble". It is probably very non-trivial to port
to another microkernel.
You might be interested in x15. It's a hurd-like operating system, that
is probably a decade away from being useful to your average user. But
it is developed by a long time Hurd developer: Richard Braun.
> For ocap, I've no idea about it. I've heard of apparmor and selinux but
> not ocap. Btw, debian has started shipping apparmor profiles since 2017
> if I remember correctly. If everything's going well, it should be in the
> next stable release. Should guix ship apparmor / selinux profiles as
> For RISC-V, my dream would be using a RISC-V chip 3D-printed from a GPL
> design :)
> In addition, I have some other ideas regarding guix security.
> According to
> X server lacks GUI isolation. As a result, user gaining local acess to
> the machine can run a keylogger logging sudo password. This nullifies
> many security maeasures. Is guix vulnerable to this as well?
> If so, how should we fix it? Qubes OS fixes it by virtualization
> (running programs in a VM). But it seems to me that having multiple OS
> complicates things. I haven't tried using Qubes OS though.
> Besides, I remember we have discuss about hardening before. Should I
> start a new hardening branch? (although I don't time to work on it right
> now). I think this is something we can do now.
> My idea is to create a new guix module (guix build hardening) which
> should contains various build flags. Then we should modifiy each build
> system to import from this new module and fix any build error caused by
> it. We can ask the build farm to evaluate this new branch, right?
> What do you think?
Sent from Emacs and Gnus