Wishlist: Difference between revisions

From Alpine Linux
m (gradm - needs to work)
(use https)
 
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Draft}}
{{Draft}}
{{TOC right}}


{{Warning|This page is unofficial at the moment.}}  
{{Warning|This page is unofficial at the moment.}}  
Line 18: Line 19:


= Hardening =
= Hardening =
== gradm ==
Have gradm utility work out of the box with Alpine Linux.


== capabilities ==
== capabilities ==




== grsecurity policy database ==
I think providing a [https://grsecurity.net/ grsecurity] policy database for users and administrators would greatly increase adoption and proper use of grsecurity. A starting point for this project would be to provide the lowest common denominator policies, that has been tested to work, for a given package, daemon, or service. I think this would drastically reduce the barior to entry for users increase the security of the system. Hopefully this database provides building blocks need to quickly learn, modify, and validate grsecurity policies that match their intended policies for their system(s).


== tcb Logins ==
== tcb Logins ==
Line 34: Line 28:


=== tcb resources ===
=== tcb resources ===
* [http://www.openwall.com/tcb/ tcb - the alternative to /etc/shadow]
* [https://www.openwall.com/tcb/ tcb - the alternative to /etc/shadow]
* [http://www.openwall.com/presentations/Owl/mgp00020.html tcb - slides]
* [https://www.openwall.com/presentations/Owl/mgp00020.html tcb - slides]


== Removing SUIDs/SGIDs ==
== Removing SUIDs/SGIDs ==
Line 47: Line 41:
* [https://github.com/devrandom/gitian-builder gitian-builder]
* [https://github.com/devrandom/gitian-builder gitian-builder]
* [https://gist.github.com/devrandom/806265 libcoin gitian build code]
* [https://gist.github.com/devrandom/806265 libcoin gitian build code]
* [http://media.ccc.de/browse/congress/2014/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner.html 31C3 - Reproducible Builds]
* [https://media.ccc.de/browse/congress/2014/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner.html 31C3 - Reproducible Builds]


== Nix ==
== Nix ==


* [http://nixos.org/docs/papers.html NixOS Papers]
* [https://web.archive.org/web/20170705180623/http://nixos.org/docs/papers.html NixOS Papers]
* [https://nixos.org/nix/ Nix Package Manger]
* [https://nixos.org/nix/ Nix Package Manger]
* [https://nixos.org/ NixOS - Homepage]
* [https://nixos.org/ NixOS - Homepage]


= Builds =
= Builds =
Line 63: Line 55:


* [https://qubes-os.org/ QubesOS]
* [https://qubes-os.org/ QubesOS]
* [http://www.opendaylight.org/ OpenDaylight]
* [https://www.opendaylight.org/ OpenDaylight]
* [http://www.openstack.org/marketplace/distros/ OpenStack]
* [https://www.openstack.org/marketplace/distros/ OpenStack]
* [https://coreos.com/ CoreOS]
* [https://coreos.com/ CoreOS]
* [https://tails.boum.org/ Tails]
* [https://tails.boum.org/ Tails]
* [http://dee.su/liberte Liberte]
* [https://dee.su/liberte Liberte]
* [https://www.kali.org/ Kali]
* [https://www.kali.org/ Kali]
* [http://www.pentoo.ch/ Pentoo]
* [https://www.pentoo.ch/ Pentoo]


= Automation =
= Automation =
Line 84: Line 76:


== Publicity ==
== Publicity ==
[[category:Development]]

Latest revision as of 21:29, 25 August 2023

This material is work-in-progress ...

Do not follow instructions here until this notice is removed.
(Last edited by Sertonix on 25 Aug 2023.)

Warning: This page is unofficial at the moment.


Project Wishlist

Ports

Security

Offensive

Defensive

Administration

Networks

Hardening

capabilities

tcb Logins

The goal of this is to remove the S currently needed for shadow logins.

tcb resources

Removing SUIDs/SGIDs

It would be nice to see the elimination of these file permissions from Alpine. The reason for this is because throughout the years SUIDs/SGIDs have repeatedly been a source of exploits (esp. privilege escelation) for UNIX derivatives. It may be unfeasible or not unwise to completely ban these file permissions for all packages of Alpine but removing these permissions from Alpine base and X server has been proven to be doable and would provide safer Alpine systems out of the box.

Packaging

gitian

Nix

Builds

Distros

Some ditros that would be cool to be able to build on top of Alpine. This is by no means intended to change how the core of Alpine is about, developed, or maintained.

Automation

Testing

Metrics

Benchmarks

Community

Outreach

Publicity