Alex Vong <alexvong1...@gmail.com> writes: > Hello everyone, > > For microkernel, sel4 being a formally verified microkernel (developed > by security researchers?) looks promising to me. Maybe someday we can > rebase hurd on top of it (replacing mach)...
I suppose it may be possible, but many of the original hurd developers "concluded that microkernel design and system design are interconnected in very intricate ways, and thus trying to use a third-party microkernel will always result in trouble". It is probably very non-trivial to port to another microkernel. https://www.gnu.org/software/hurd/history/port_to_another_microkernel.html You might be interested in x15. It's a hurd-like operating system, that is probably a decade away from being useful to your average user. But it is developed by a long time Hurd developer: Richard Braun. https://www.sceen.net/x15/ > > For ocap, I've no idea about it. I've heard of apparmor and selinux but > not ocap. Btw, debian has started shipping apparmor profiles since 2017 > if I remember correctly. If everything's going well, it should be in the > next stable release. Should guix ship apparmor / selinux profiles as > well? > > For RISC-V, my dream would be using a RISC-V chip 3D-printed from a GPL > design :) > > In addition, I have some other ideas regarding guix security. > > According to > <https://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html>, > X server lacks GUI isolation. As a result, user gaining local acess to > the machine can run a keylogger logging sudo password. This nullifies > many security maeasures. Is guix vulnerable to this as well? > > If so, how should we fix it? Qubes OS fixes it by virtualization > (running programs in a VM). But it seems to me that having multiple OS > complicates things. I haven't tried using Qubes OS though. > > Besides, I remember we have discuss about hardening before. Should I > start a new hardening branch? (although I don't time to work on it right > now). I think this is something we can do now. > > My idea is to create a new guix module (guix build hardening) which > should contains various build flags. Then we should modifiy each build > system to import from this new module and fix any build error caused by > it. We can ask the build farm to evaluate this new branch, right? > > What do you think? > > Cheers, > Alex > -- Joshua Branson Sent from Emacs and Gnus