Gentoo Forums
Few questions regarding Gentoo

Poll: Is security important for you?
Yes: 76% [ 19 ]
Maybe, but don't have the time for it: 16% [ 4 ]
Of course not, I don't care if I get hacked: 8% [ 2 ]
Total Votes : 25

unnamed_one
n00b

Joined: 04 Dec 2023
Posts: 2

Posted: Wed Apr 24, 2024 7:24 am    Post subject: Few questions regarding Gentoo

I wanted to know a few things, still not that knowledgeable regarding Linux but asking:

1) There are flavors of window managers, desktop environments, init / systemd, package managers, etc. but is there an alternative to the Linux Kernel? If not, why not? From my understanding, the Linux kernel is over a million lines of code, and the complexity is increasing incrementally, it would be nice to have something very minimal. I'm sure it'll not support everything but that is the point. :)

2) How do you derive the Gentoo minimal cd from? I'm sure it cannot be derived from another binary which is stupid. Are there any well established minimal cd's that have been thoroughly verified for security? Would appreciate a github link to the source :)

3) Another important thing that I wanted to ask, a lot of times, there are .sig files added with images, but no way to know information related to the devs / keys. After a decade of Gentoo, I was expecting that that information should be available at the same place where hashes are provided, why is that not the case? Also, have you considered that your website hosting the hashes can get hacked, and the attacker can update it with different info? Do you have any known mitigations to this type of attack?

Please I've put in some effort here, last thing I want is my post to be flagged as some kind of troll / insincere by people who are not competent enough. Also, you don't have to answer everything.


Thanks!

Taigo
n00b

Joined: 09 Nov 2022
Posts: 71
Location: the Netherlands

Posted: Wed Apr 24, 2024 1:14 pm    Post subject: Re: Few questions regarding Gentoo

unnamed_one wrote:
I wanted to know a few things, still not that knowledgeable regarding Linux but asking:

1) There are flavors of window managers, desktop environments, init / systemd, package managers, etc. but is there an alternative to the Linux Kernel? If not, why not? From my understanding, the Linux kernel is over a million lines of code, and the complexity is increasing incrementally, it would be nice to have something very minimal. I'm sure it'll not support everything but that is the point. :)

2) How do you derive the Gentoo minimal cd from? I'm sure it cannot be derived from another binary which is stupid. Are there any well established minimal cd's that have been thoroughly verified for security? Would appreciate a github link to the source :)

3) Another important thing that I wanted to ask, a lot of times, there are .sig files added with images, but no way to know information related to the devs / keys. After a decade of Gentoo, I was expecting that that information should be available at the same place where hashes are provided, why is that not the case? Also, have you considered that your website hosting the hashes can get hacked, and the attacker can update it with different info? Do you have any known mitigations to this type of attack?

Please I've put in some effort here, last thing I want is my post to be flagged as some kind of troll / insincere by people who are not competent enough. Also, you don't have to answer everything.


Thanks!

The only thing I can think of as an alternative to Linux is OpenBSD or FreeBSD, but the compatibility isn't nearly as big as Linux.

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3146

Posted: Wed Apr 24, 2024 1:49 pm

Hurd claims it's not dead yet, you might give it a shot :lol:

On a more serious note, I think Gentoo has a BSD option, so you can run it with a non-Linux kernel.
Also, if you're into really exotic stuff, Haiku appears to be alive and kicking. Desktop-only and it is very much not-Gentoo though. Just some random thing I remembered as a little curiosity from many years ago; I don't know if it is actually usable. However, looking at their website, it might be.
_________________
Make Computing Fun Again

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54278
Location: 56N 3W

Posted: Wed Apr 24, 2024 4:07 pm

unnamed_one,

Welcome to Gentoo.

The only stupid question is the one you never ask. Then you never learn the answer.
Beware silly answers though. They are usually called out here.

1) Gentoo on BSD used to be a thing. The project died and it was removed from the repo several years ago.
If you want to revive it, it will still be in git.

Hurd will be finished any day now. I've been hearing that for a very long time. :)

2) The stage3s, the Live CD/DVDs are all made with a tool called catalyst.
You can tune it to include the packages that you want in your media.
Code:
emerge dev-util/catalyst
to get started.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Goverp
Advocate

Joined: 07 Mar 2007
Posts: 2012

Posted: Wed Apr 24, 2024 5:56 pm

Strictly speaking, it's impossible to run Linux without the Linux kernel, since Linux is the kernel. All the rest is GNU and other packages.

If you're interested in a more secure kernel, you could try Redox OS, but you'd have to live with its as-yet quite a bit smaller set of accompanying packages; I'm not sure how much of what's available under Linux will work with it. IIUC the biggest problem is that it can't use Linux device drivers such as Nouveau and AMDGPU. (I've been wanting to give it a try, but never had the time.)
_________________
Greybeard

Genone
Retired Dev

Joined: 14 Mar 2003
Posts: 9538
Location: beyond the rim

Posted: Thu Apr 25, 2024 3:28 pm

1) Do you mean like a drop-in replacement? No, there isn't and there never will be. What you can do is use many of the mentioned components on other operating systems with other kernels. Also any usable OS kernel has millions of lines of code (which is a stupid metric to begin with), most of that in device drivers. Mind that if you build the Linux kernel from source you can configure it so most of the code won't even be compiled, if you're truly concerned about that.

2) What do you mean with "derive"? A cd image is hardly more than a snapshot of a filesystem location. You don't review an image for security (waste of time as the image will likely be replaced before you're finished), you review the system that generated the image.

3) Providing keys over the same channel as signatures would completely defeat the purpose, as then an attacker with access to that channel could easily replace both at the same time. Also there would then be no way to invalidate keys. And hashes are only used to check that the received file matches the file stored on the server, not as tampering protection. For that you have to check the signature of the hash. If you're actually interested in technical details specific to Gentoo, check GLEPs 57, 59, 63, 74 and 79 ( https://www.gentoo.org/glep/ )

unnamed_one
n00b

Joined: 04 Dec 2023
Posts: 2

Posted: Mon Apr 29, 2024 12:19 pm

Genone wrote:


3) Providing keys over the same channel as signatures would completely defeat the purpose, as then an attacker with access to that channel could easily replace both at the same time. Also there would then be no way to invalidate keys. And hashes are only used to check that the received file matches the file stored on the server, not as tampering protection. For that you have to check the signature of the hash. If you're actually interested in technical details specific to Gentoo, check GLEPs 57, 59, 63, 74 and 79 ( https://www.gentoo.org/glep/ )


Thanks for providing the link to the documentation, will go over it when I get the time. That's why I like this community so much, there's always some link to fix something :)

If the sun doesn't work, I'm sure there's a button here somewhere which will turn it back on lol.


Anyway, moving on... what you said is actually important, the fact that distribution of keys should not be over the same medium. I guess that is why we have the GPG architecture, to fetch keys and stuff.

There are 2 problems with this approach that come to mind:

1) Let's say someone enforces an advanced man in the middle attack system in the network, and you fetch key information from an attacker controlled server. Then all hope is lost.
2) Someone replaces both hash and signature files, how frequently does an author that publishes the images & related information, verify that this information has not been tampered with down the line?

What we have currently is not bad, but we need to come up with something better. I'm saying this because I've experienced these kinds of incidents a lot, where entire networks are just cloning known websites, etc. by APTs who have a lot of authority.

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54278
Location: 56N 3W

Posted: Mon Apr 29, 2024 12:30 pm

unnamed_one,

You are supposing two separate but coordinated attacks, so that signatures and distfile hashes are replaced together.
Anything less would mean that the checks fail, which would bring the problem to light immediately.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Genone
Retired Dev

Joined: 14 Mar 2003
Posts: 9538
Location: beyond the rim

Posted: Tue Apr 30, 2024 9:58 am

unnamed_one wrote:
What we have currently is not bad, but we need to come up with something better. I'm saying this because I've experienced these kinds of incidents a lot, where entire networks are just cloning known websites, etc. by APTs who have a lot of authority.

There is not really anything you can do against an attacker that literally controls the entire network (in this case: the internet). You can never fully eliminate risks, security is about reducing risks and mitigating their effects. Which is always a balance between security, cost and convenience (the most secure system is useless as nobody can actually use it).
Mind that taking control over a single server in a way that allows you to replace arbitrary files already requires not just getting local access but also the necessary privileges, so usually two different exploits. And that for each server you need to control (at least two, more if you want to avoid detection).
Really sophisticated attacks like the recent xz issue (which was basically just detected due to pure luck) are next to impossible to defend against by technical means. In the end, security starts and ends with people.

Quote:
2) Someone replaces both hash and signature files, how frequently does an author that publishes the images & related information, verify that this information has not been tampered with down the line?

Just replacing a signature is pointless if the key generating it isn't trusted. Another reason why keys are distributed over a different channel: Updating the keystore at a different interval will make it harder for a synchronized attack to go through unnoticed. Also replacing the hash only helps you if you can also replace the corresponding payload. Theoretically you could put payload (ebuilds) and hashes also on different systems to make it harder to tamper with both, but the cost and complexity (which could open up other attack vectors) just isn't worth it.
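
The distinction discussed in this thread (a hash only shows the file matches what the server holds, while the signature over the hash file, checked against a key obtained over a different channel, is what exposes tampering), as an added example that is not part of the original posts or of Gentoo's tooling. It uses a toy textbook-RSA signer as a stand-in for OpenPGP; all keys, file contents and function names are constructed for illustration.

```python
import hashlib

# Toy textbook RSA standing in for OpenPGP so this runs on the standard library.
# Not secure (small modulus, no padding); all key material is constructed.
E = 65537

def make_key(p, q):
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}
def public(key):
    return {"n": key["n"], "e": key["e"]}

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(key, data):
    return pow(_h(data, key["n"]), key["d"], key["n"])

def sig_ok(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _h(data, pub["n"])

def publish(key, image):
    """Files a mirror serves: image, digest file, signature over it, signer's key."""
    digests = hashlib.sha512(image).hexdigest().encode()
    return {"image": image, "digests": digests,
            "sig": sign(key, digests), "key": public(key)}

def verify(mirror, trusted_pub):
    """Return (hash_matches, signature_valid_under_trusted_key)."""
    hash_ok = hashlib.sha512(mirror["image"]).hexdigest().encode() == mirror["digests"]
    return hash_ok, sig_ok(trusted_pub, mirror["digests"], mirror["sig"])

def scenarios():
    release = make_key(2**127 - 1, 2**107 - 1)   # project's signing key
    attacker = make_key(2**89 - 1, 2**61 - 1)    # key the attacker controls
    pinned = public(release)                     # obtained over a separate channel
    good = publish(release, b"constructed install image")
    swapped = dict(good, image=b"constructed tampered image")
    rehashed = dict(swapped, digests=hashlib.sha512(swapped["image"]).hexdigest().encode())
    resigned = publish(attacker, swapped["image"])  # image, hash, sig and key replaced
    return {
        "untouched mirror": verify(good, pinned),
        "image replaced": verify(swapped, pinned),
        "image + hash replaced": verify(rehashed, pinned),
        "image + hash + sig replaced, pinned key": verify(resigned, pinned),
        "image + hash + sig replaced, key from mirror": verify(resigned, resigned["key"]),
    }

if __name__ == "__main__":
    for name, (hash_ok, sig_valid) in scenarios().items():
        print(f"{name:46} hash_ok={hash_ok!s:5} sig_ok={sig_valid}")
```

Only the last case passes both checks with a tampered image, and it is the one where the verifier took the key from the same place as the files.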

All times are GMT