<![CDATA[Dev1 Galaxy Forum / Devuan/Linux security: a novella]]> https://dev1galaxy.org/viewtopic.php?id=4972 Thu, 07 Apr 2022 21:31:29 +0000 FluxBB <![CDATA[Re: Devuan/Linux security: a novella]]> https://dev1galaxy.org/viewtopic.php?pid=35544#p35544 Perhaps adding a patch to the init scripts that can use hardened malloc, so that they can read a config like from /etc/default/hardened_malloc.config to use hardened malloc in a local LD_PRELOAD

]]> Thu, 07 Apr 2022 21:31:29 +0000 https://dev1galaxy.org/viewtopic.php?pid=35544#p35544 <![CDATA[Re: Devuan/Linux security: a novella]]> https://dev1galaxy.org/viewtopic.php?pid=35539#p35539 ^ That would apply to all system scripts but not all will work with hardened malloc so the suggestion is to only load the hardened malloc for specific init scripts.

]]> Thu, 07 Apr 2022 10:05:04 +0000 https://dev1galaxy.org/viewtopic.php?pid=35539#p35539 <![CDATA[Re: Devuan/Linux security: a novella]]> https://dev1galaxy.org/viewtopic.php?pid=35538#p35538 to use the hardened malloc without systemd wouldn't it suffice to add something like hardened-malloc.conf to /etc/ld.so.conf.d/ , you know like with the other ld configs?

]]> Thu, 07 Apr 2022 09:39:23 +0000 https://dev1galaxy.org/viewtopic.php?pid=35538#p35538 <![CDATA[Re: Devuan/Linux security: a novella]]> https://dev1galaxy.org/viewtopic.php?pid=35521#p35521 Devuan should be able to make use of the hardened malloc implementation provided by Whonix/Kicksecure ™:

https://www.kicksecure.com/wiki/Hardened_Malloc

I've had it working for Debian, the only caveat is that sysvinit does not support drop-in configuration snippets so the relevant scripts under /etc/init.d/ would have to be edited manually to add the LD_PRELOAD environmental variable. The changes would probably be over-written during package upgrades, or perhaps APT will ask if the file should be kept or replaced with the new version, not sure which.

EDIT: https://www.kicksecure.com/wiki/Debian ← that shows how to add the Kicksecure repositories, use with care and backup beforehand.

]]> Wed, 06 Apr 2022 09:44:17 +0000 https://dev1galaxy.org/viewtopic.php?pid=35521#p35521 <![CDATA[Re: Devuan/Linux security: a novella]]> https://dev1galaxy.org/viewtopic.php?pid=35518#p35518 Archlinux wiki has a great section on Linux security.

https://wiki.archlinux.org/title/security

Ive never (touch wood) had security issues using Linux based distros. Windows years ago i did with all sorts of viruses when i visited certain websites out of curiosity.

]]> Wed, 06 Apr 2022 08:09:26 +0000 https://dev1galaxy.org/viewtopic.php?pid=35518#p35518 <![CDATA[Re: Devuan/Linux security: a novella]]> https://dev1galaxy.org/viewtopic.php?pid=35511#p35511 Sup HoaS,

Head_on_a_Stick wrote:

madaidan has some legit insights. Whonix is an interesting distro. Used it for research awhile back.

Further reading: https://www.reddit.com/r/linux/comments … about_the/

The sad truth is that Windows is probably the most secure desktop operating system at the moment and Chrome is the most secure browser. Both are exceptionally poor in respect of privacy so I suppose that's the price to be paid.

It is upsetting that businesses treat privacy as a commodity, not a right in and of itself. The early web had so much promise...

]]> Mon, 04 Apr 2022 17:06:03 +0000 https://dev1galaxy.org/viewtopic.php?pid=35511#p35511 <![CDATA[Re: Devuan/Linux security: a novella]]> https://dev1galaxy.org/viewtopic.php?pid=35509#p35509 I'm no expert in such matters but I like to use this site to troll the #nonemoresecure crowd:

https://madaidans-insecurities.github.io/

The author is a security researcher and a Whonix developer so I think they actually know what they're talking about. Some good advice there.

The sad truth is that Windows is probably the most secure desktop operating system at the moment and Chrome is the most secure browser. Both are exceptionally poor in respect of privacy so I suppose that's the price to be paid.

]]> Mon, 04 Apr 2022 16:29:48 +0000 https://dev1galaxy.org/viewtopic.php?pid=35509#p35509 <![CDATA[Devuan/Linux security: a novella]]> https://dev1galaxy.org/viewtopic.php?pid=35508#p35508 Sup everyone,

The tl;dr is that I recently eavesdropped a long conversation/FUD about "linux is the most secure OS blah blah..." Their claims were without support. It makes me cringe when people peddle misinformation about Linux-based operating systems (and when they call Linux an operating system...).

Still, it got the gears turning, and I realized, it's been a hot minute since I did anything in Linux that wasn't for professional end.

So, I wanted to open a topic for people to share facts, thoughts, or other info about Linux or Devuan security. The topic is open-ended. My interest is more to have a conversation about things we would not expect from Linux security. I know for a fact that our "frequent flyers" here bring a wealth of experience from a variety of backgrounds.

P.S.: It's been a minute since I posted here. I write software now and am working in the CyS field. I'll actually be working with an IoT/mobile security research team over the summer. Life is good.

]]> Mon, 04 Apr 2022 16:00:34 +0000 https://dev1galaxy.org/viewtopic.php?pid=35508#p35508