Wishlist
This material is work-in-progress ... Do not follow instructions here until this notice is removed. |
Project Wishlist
Ports
Security
Offensive
Defensive
Administration
Networks
Hardening
capabilities
grsecurity policy database
I think providing a grsecurity policy database for users and administrators would greatly increase adoption and proper use of grsecurity. A starting point for this project would be to provide the lowest common denominator policies, that has been tested to work, for a given package, daemon, or service. I think this would drastically reduce the barior to entry for users increase the security of the system. Hopefully this database provides building blocks need to quickly learn, modify, and validate grsecurity policies that match their intended policies for their system(s).
tcb Logins
The goal of this is to remove the S currently needed for shadow logins.
tcb resources
Removing SUIDs/SGIDs
It would be nice to see the elimination of these file permissions from Alpine. The reason for this is because throughout the years SUIDs/SGIDs have repeatedly been a source of exploits (esp. privilege escelation) for UNIX derivatives. It may be unfeasible or not unwise to completely ban these file permissions for all packages of Alpine but removing these permissions from Alpine base and X server has been proven to be doable and would provide safer Alpine systems out of the box.
Packaging
gitian
[1] [2] [3] 31C3 - Reproducible Builds
Nix
Builds
Distros
Some ditros that would be cool to be able to build on top of Alpine. This is by no means intended to change how the core of Alpine is about, developed, or maintained.