Re: Plan for Guix security (was Re: Long term plan for GuixSD security:

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Plan for Guix security (was Re: Long term plan for GuixSD security:

From:	Joshua Branson
Subject:	Re: Plan for Guix security (was Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support)
Date:	Wed, 26 Dec 2018 12:48:04 -0500
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Alex Vong <address@hidden> writes:

> Hello everyone,
>
> For microkernel, sel4 being a formally verified microkernel (developed
> by security researchers?) looks promising to me. Maybe someday we can
> rebase hurd on top of it (replacing mach)...

I suppose it may be possible, but many of the original hurd developers
"concluded that microkernel design and system design are interconnected
in very intricate ways, and thus trying to use a third-party microkernel
will always result in trouble".  It is probably very non-trivial to port
to another microkernel.

https://www.gnu.org/software/hurd/history/port_to_another_microkernel.html

You might be interested in x15.  It's a hurd-like operating system, that
is probably a decade away from being useful to your average user.  But
it is developed by a long time Hurd developer:  Richard Braun.

https://www.sceen.net/x15/

>
> For ocap, I've no idea about it. I've heard of apparmor and selinux but
> not ocap. Btw, debian has started shipping apparmor profiles since 2017
> if I remember correctly. If everything's going well, it should be in the
> next stable release. Should guix ship apparmor / selinux profiles as
> well?
>
> For RISC-V, my dream would be using a RISC-V chip 3D-printed from a GPL
> design :)
>
> In addition, I have some other ideas regarding guix security.
>
> According to 
> <https://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html>,
> X server lacks GUI isolation. As a result, user gaining local acess to
> the machine can run a keylogger logging sudo password. This nullifies
> many security maeasures. Is guix vulnerable to this as well?
>
> If so, how should we fix it? Qubes OS fixes it by virtualization
> (running programs in a VM). But it seems to me that having multiple OS
> complicates things. I haven't tried using Qubes OS though.
>
> Besides, I remember we have discuss about hardening before. Should I
> start a new hardening branch? (although I don't time to work on it right
> now). I think this is something we can do now.
>
> My idea is to create a new guix module (guix build hardening) which
> should contains various build flags. Then we should modifiy each build
> system to import from this new module and fix any build error caused by
> it. We can ask the build farm to evaluate this new branch, right?
>
> What do you think?
>
> Cheers,
> Alex
>

--
Joshua Branson
Sent from Emacs and Gnus

[Prev in Thread]

Current Thread

[Next in Thread]

Plan for Guix security (was Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support), Alex Vong, 2018/12/25
- Re: Plan for Guix security (was Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support), Marius Bakke, 2018/12/26
- Re: Plan for Guix security (was Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support), Joshua Branson <=

Prev by Date: Re: Better names for Guix versions from git?
Next by Date: Re: the upcoming Great Python2 Purge™
Previous by thread: Re: Plan for Guix security (was Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support)
Next by thread: the upcoming Great Python2 Purge™
Index(es):
- Date
- Thread