Re: Plan for Guix security (was Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support)

2019-01-05 Thread Ludovic Courtès
Hello, Marius Bakke skribis: > Alex Vong writes: > >> Besides, I remember we have discuss about hardening before. Should I >> start a new hardening branch? (although I don't time to work on it right >> now). I think this is something we can do now. >> >> My idea is to create a new guix module (

Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support

2018-12-31 Thread Christopher Lemmer Webber
Adonay Felipe Nogueira writes: > Em 24/09/2018 11:14, Ludovic Courtès escreveu: >> Christopher Lemmer Webber skribis: >>>- There's also Google's recent work with Magenta/Fuschia. From what >>> I've read, architecturally this looks right. I think the reason >>> for worry here is th

Re: Plan for Guix security (was Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support)

2018-12-26 Thread Joshua Branson
Alex Vong writes: > Hello everyone, > > For microkernel, sel4 being a formally verified microkernel (developed > by security researchers?) looks promising to me. Maybe someday we can > rebase hurd on top of it (replacing mach)... I suppose it may be possible, but many of the original hurd develo

Re: Plan for Guix security (was Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support)

2018-12-26 Thread Marius Bakke
Hello! Alex Vong writes: > Besides, I remember we have discuss about hardening before. Should I > start a new hardening branch? (although I don't time to work on it right > now). I think this is something we can do now. > > My idea is to create a new guix module (guix build hardening) which > sh

Plan for Guix security (was Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support)

2018-12-25 Thread Alex Vong
Hello everyone, For microkernel, sel4 being a formally verified microkernel (developed by security researchers?) looks promising to me. Maybe someday we can rebase hurd on top of it (replacing mach)... For ocap, I've no idea about it. I've heard of apparmor and selinux but not ocap. Btw, debian

Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support

2018-12-09 Thread Adonay Felipe Nogueira
Em 24/09/2018 11:14, Ludovic Courtès escreveu: > Christopher Lemmer Webber skribis: >>- There's also Google's recent work with Magenta/Fuschia. From what >> I've read, architecturally this looks right. I think the reason >> for worry here is the same difficulty the community has ha

Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support

2018-09-24 Thread Jonathan Brielmaier
On 9/24/18 5:24 PM, Joshua Branson wrote: > l...@gnu.org (Ludovic Courtès) writes: >> We could also mention MINIX, which many of us are already using daily. >> :-) > > That's pretty awesome! I didn't realize gnu developers were using > MINIX. I guess it is a little different as you might think.

Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support

2018-09-24 Thread Joshua Branson
l...@gnu.org (Ludovic Courtès) writes: > Hi there! > > Christopher Lemmer Webber skribis: > > > We could also mention MINIX, which many of us are already using daily. > :-) That's pretty awesome! I didn't realize gnu developers were using MINIX. Also perhaps in a few years, x15 may turn into a

Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support

2018-09-24 Thread Ludovic Courtès
Hi there! Christopher Lemmer Webber skribis: > - It's getting hard to trust our computers as in terms of our physical >hardware. Companies like Purism are helping to build blobless >systems, but even then the hardware is built on un-auditable and >with growing apparent insecurity (

Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support

2018-08-30 Thread Ludovic Courtès
Hello Guix! l...@gnu.org (Ludovic Courtès) skribis: > Specifically there are two things we can implement: > > 1. A ‘guix run’ command along the lines of > . > > 2. A mechanism that would allow, say, ‘guix package -i PKG

Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support

2018-08-24 Thread Ludovic Courtès
Hi, Ricardo Wurmus skribis: > I’d love to get us closer to being able to run the GNU system with the > Hurd and Guix underpinnings. Unfortunately, Hurd is not considered a > priority by GNU, which shows in the lack of support for modern hardware. I know you know ;-) but there’s no such thing a

Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support

2018-08-24 Thread Ludovic Courtès
Hi there! Christopher Lemmer Webber skribis: > - It's getting hard to trust our computers as in terms of our physical >hardware. Companies like Purism are helping to build blobless >systems, but even then the hardware is built on un-auditable and >with growing apparent insecurity (

Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support

2018-08-23 Thread Christopher Lemmer Webber
First off, I should mention that rain1 reminded me about OpenBSD's Capsicum and the Capsicum for Linux project, which I had mostly forgotten about: http://www.capsicum-linux.org/ Capsicum brings file descriptor based capabilities, and this is a reasonable intermediate approach. Shill is an ocap

Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support

2018-08-23 Thread Ricardo Wurmus
Hey, > - In terms of software, currently we run on ACL-heavy systems, which >are well known to be insecure designs: > http://waterken.sourceforge.net/aclsdont/current.pdf >If a computer program behaves badly, it shouldn't be able to do any >more damage than the smallest amount