Forgot your password?
typodupeerror
Security Linux

Openwall Linux 3.0 — No SUIDs, Anti-Log-Spoofing 122

Posted by Soulskill
from the wouldn't-an-open-wall-be-a-gate dept.
solardiz writes "Openwall GNU/*/Linux (or Owl for short) version 3.0 is out, marking 10 years of work on the project. Owl is a small, security-enhanced Linux distro for servers, appliances, and virtual appliances. Two curious properties of Owl 3.0: no SUID programs in the default install (yet the system is usable, including password changing); and logging of who sends messages to syslog (thus, a user can't have a log message appear to come, say, from the kernel or sshd). No other distro has these. Other highlights of Owl 3.0: single live+install+source CD, i686 or x86_64, integrated OpenVZ (host and/or guest), 'make iso' & 'make vztemplate' in the included build environment, ext4 by default, xz in tar/rpm/less, 'anti-Debian' key blacklisting in OpenSSH. A full install is under 400 MB, and it can rebuild itself from source."
This discussion has been archived. No new comments can be posted.

Openwall Linux 3.0 — No SUIDs, Anti-Log-Spoofing

Comments Filter:
  • Amazing Work (Score:4, Interesting)

    by metrix007 (200091) on Friday December 17, 2010 @04:50PM (#34592368)

    While OpenWall won't see much adoption on it's own I do hope a lot of the work gets ported to other distributions so it is in common use.

    Not trolling, but Linux Security is somewhat atrocious these days with the whole security via obscurity approach, so I for one have a better state of mind when I know I can protect myself even in the result of a succusful exploit.

  • Anti-debian key? (Score:4, Interesting)

    by gandhi_2 (1108023) on Friday December 17, 2010 @04:58PM (#34592506) Homepage

    Can someone explain (for real) the point of the 'anti-Debian' key blacklist?

    Is it because of the Debian-specific vulnerability in OpenSSH? I thought that was a couple years ago.

  • by mangu (126918) on Friday December 17, 2010 @06:08PM (#34593440)

    I'm curious as to how you implement SNMP and POP3 over port 80.

    Sorry, I didn't know that the World Wide Web [wikipedia.org] had been expanded to include network management [wikipedia.org] or email. I was under the impression that it was only about hypertext [wikipedia.org].

    I didn't say "over the network", did I? POP3 and SNMP are typically services that you find in an academic network, but nowadays everything else that is provided by a commercial service comes through port 80. My ISP does have a POP3 option, but why would I have an email address that's attached to an ISP when I can use gmail?

What the large print giveth, the small print taketh away.

Working...