( citation manually inserted not to make two email replies; however, I'll skip Rick Moen's reply in the thread that arrived in the meantime, since it's off topic ) On 170919-07:43+0200, Edward Bartolo wrote: > With a compromised CPU that has questionable smaller cores running a > HIDDEN OS, I cannot see what advantages anyone gets by installing > grsecurity. This is worse than having a compromised machine that is > always connected to your computer. I see your point. If https://forums.grsecurity.net weren't locked since they were chased out by ingratitude and ripoff of their code, I'd ask there about it. Curious about this aspect really... Well, I should first try and search more on it (but how?), and then ask about it, where?... maybe at https://www.superuser.com or elsewhere? Maybe at: https://lists.immunityinc.com/mailman/listinfo/dailydave ? If only the exploit writers there were inclined to tell us their secrets (which is not so likely; but they're certainly not hostile to whitehats... spender did participate occasionally and briefly in that mailing list)...
Not much more dare I venture on this issue because it is not directly related to Devuan ( other than me offering documentation to newbies about grsecurity as I wrote in my email to which Edward replied, and in which I gave the links to my dev1galaxy grsecurity topic and github repo script; only, at this time, for compiling grsecurity hardened kernel; later I would also like to provide kernel deb packages --as I used to provide for Debian-- or, in case corsac ( http://perso.corsac.net/~corsac ) returns and picks up instead from unavailable original grsecurity, from *minipli's* unofficial-grsecurity and starts packaging them for Debian, then would like to try to test them for Devuan ) I'm trying not to go off topic here... But just a few more words... > ... > There is yet the other uncertainty of what ISPs do with data > travelling through their systems. Even if users set up completely > secure systems, their data still has to travel through an ISPs > infrastructure. No, that ISP part can be fixed, if it isn't brute force censorship. It is/would be very hard to control that part, but possible! (would be way offtopic trying to go into details of my understanding on it, though) > I am starting to believe computer security is an unattainable Utopia No, Edward. If computer security weren't attainable we wouldn't have Wikileaks, and neither would we have Edward Snowden. No, it's not unattainable. If I ever become part of a team, we'll be using what FSF recommends (and it's what *taiidan* wrote extensively about recently on this mailing list: IBM Talos II Power9 processor-based server; BTW, in that discussion the winning argument is, as often, Rick Moen's :-) on the sanity of what FSF recommends: https://lists.dyne.org/lurker/message/20170912.000313.f8275717.en.html with the link to: https://www.fsf.org/blogs/licensing/support-the-talos-ii-a-candidate-for-respects-your-freedom-certification-by-pre-ordering-by-september-15 ). And then you fix Linux with grsecurity, and you would have a secure GNU/Linux server... On 170919-10:24+0100, Arnt Gulbrandsen wrote: > For example, some attack kits must be hoarded. They're very powerful, but > every time they're used they risk disclosure, Disclosure is what I'm fighting tooth and nails to get... My: http://github.com/miroR/uncenz is all about that... And disclosure is what can be seen in the first installment of the same type as this second installment in Devuan forums: Strange Bash under grsecurity's exec logging https://dev1galaxy.org/viewtopic.php?id=1598 where the first installement was four months ago, with what happened in my Gentoo system: Strange script planted with Bash https://www.croatiafidelis.hr/foss/cap/cap-170504-strange-bash/index.php But it's a very partial disclosure... because I'm not an expert... > if the victim notices and > sends the computer off to someone like Citizenlab. The attacker has great > power and is almost unable to use it. I looked up https://citizenlab.ca/ but didn't find a way to ask there about help on my issue above repeated... I hope I haven't gone too much off topic. I presented my problem's basic aspects, and it's grsecurity that helped uncover it... unofficial-grsecurity that I try to offer tips about to newbies in Devuan ( for clarity: Grsecurity/Pax installation on Devuan GNU/Linux https://dev1galaxy.org/viewtopic.php?id=596 ) Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr
signature.asc
Description: PGP signature
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
