On 6/26/20 12:38 PM, Daniel Frey wrote:
On 6/20/20 7:04 PM, William Kenworthy wrote:
Thanks for filing the bug.
Gah! I forgot about this!
I filed a bug now, I hope I made it clear enough. Others can pipe in
there with comments if they like.
I did indicate the two potential proposals to correct the issue in the
bug itself.
https://bugs.gentoo.org/729752
Dan
BEFORE I contribute to this bug, I'm posting here to see if others are
interested, or have interest, in my thoughts on this issue and my related
needs for extreme security, via Gentoo. Below is far from complete, but it
only provides a very few snippets of my (secure) pathway forward with Gentoo.
Interesting thread, thanks to all contributors. I'd like to add 'my
selfish' interest, as they may also be espoused by other, more focused,
gentoo users.
INTRO:
I rarely build gentoo systems, for many reasons, that are not pretty
singularly focused. It drastically reduces security, performance and
upgrade issues. For me, the days of any system, having groups or
users, are in the history books of very bad ideas. uP are so cheap and
less than $100, gets you a very 'bad ass' computer (Rasp. Pi 4+) 16 G
map-able ram. Furthermore, SOON, usb_4 devices are going to obsolete the
entire concept of a 'hard drive'; hence the death (my prediction) of
groups and users on multi-USER systems, albeit slowly.
Multi-function, Multi-tasking, and light weight, focused transient
clusters are the future. YMMV.
So solving a problem, that was real and big, decades ago, fails to look
at the future. For me, Gentoo is future proof. I suggest a well
documented pathway forward; totally without the concept of groups and
users, on a typical, highly secure system. Which is now the baseline for
real systems, particularly with an ipv4 or ipv6 static ip, that provide
focused and highly restricted functionalities. CA servers are going
private, as the public and root CA servers, are suspect, at best, as to
being pristinely secure. Yes boys and girls most Certificate Authorities
are HACKED! Even the main root CAs.
The F. Feds are the original culprits, but now it is a feeding frenzy.
The planet is now hacked, and groups and users concepts are the past.
imho! Danger Will Robinson Danger!
So can some of the smarter (gentoo) folks illuminate how to totally
avoid groups and users, except for the minimum required, application
specific? For example like serial line tools, or outline a set of
tweaks/settings to avoid these altogether?
I build embedded G. systems. I build single purpose G systems. I build
security G. systems (often with the ethernet, in only listen mode). I
build G. Firewalls.
I build G. highly restricted/filtered servers. NONE of those need users
or groups. And if they do, I can obfuscate codes to provide that need,
to where filters and focused software gets what it needs to provide
functions.
Yep, I'm moving to a total 'State_Machine_design' for critical services.
Strip out every thing else.....
Am I alone, or have/are others contemplating such highly secure pathways?
It'd be fantastic to find a kernel hacker that is on the pathway of
extreme minimization too; private email is fine; if that is in your
wheel_house.
curiously alone?,
James