The officially official Devuan Forum!

You are not logged in.

#1 2022-04-04 16:00:34

siva
Member
Registered: 2018-01-25
Posts: 276  

Devuan/Linux security: a novella

Sup everyone,

The tl;dr is that I recently eavesdropped a long conversation/FUD about "linux is the most secure OS blah blah..." Their claims were without support. It makes me cringe when people peddle misinformation about Linux-based operating systems (and when they call Linux an operating system...).

Still, it got the gears turning, and I realized, it's been a hot minute since I did anything in Linux that wasn't for professional end.

So, I wanted to open a topic for people to share facts, thoughts, or other info about Linux or Devuan security. The topic is open-ended. My interest is more to have a conversation about things we would not expect from Linux security. I know for a fact that our "frequent flyers" here bring a wealth of experience from a variety of backgrounds.

P.S.: It's been a minute since I posted here. I write software now and am working in the CyS field. I'll actually be working with an IoT/mobile security research team over the summer. Life is good.

Offline

#2 2022-04-04 16:29:48

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Devuan/Linux security: a novella

I'm no expert in such matters but I like to use this site to troll the #nonemoresecure crowd:

https://madaidans-insecurities.github.io/

The author is a security researcher and a Whonix developer so I think they actually know what they're talking about. Some good advice there.

The sad truth is that Windows is probably the most secure desktop operating system at the moment and Chrome is the most secure browser. Both are exceptionally poor in respect of privacy so I suppose that's the price to be paid.


Brianna Ghey — Rest In Power

Offline

#3 2022-04-04 17:06:03

siva
Member
Registered: 2018-01-25
Posts: 276  

Re: Devuan/Linux security: a novella

Sup HoaS,

Head_on_a_Stick wrote:

madaidan has some legit insights. Whonix is an interesting distro. Used it for research awhile back.

Further reading: https://www.reddit.com/r/linux/comments … about_the/

The sad truth is that Windows is probably the most secure desktop operating system at the moment and Chrome is the most secure browser. Both are exceptionally poor in respect of privacy so I suppose that's the price to be paid.

It is upsetting that businesses treat privacy as a commodity, not a right in and of itself. The early web had so much promise...

Last edited by siva (2022-04-04 17:07:37)

Offline

#4 2022-04-06 08:09:26

hevidevi
Member
Registered: 2021-09-17
Posts: 230  

Re: Devuan/Linux security: a novella

Archlinux wiki has a great section on Linux security.

https://wiki.archlinux.org/title/security

Ive never (touch wood) had security issues using Linux based distros. Windows years ago i did with all sorts of viruses when i visited certain websites out of curiosity.

Offline

#5 2022-04-06 09:44:17

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Devuan/Linux security: a novella

Devuan should be able to make use of the hardened malloc implementation provided by Whonix/Kicksecure ™:

https://www.kicksecure.com/wiki/Hardened_Malloc

I've had it working for Debian, the only caveat is that sysvinit does not support drop-in configuration snippets so the relevant scripts under /etc/init.d/ would have to be edited manually to add the LD_PRELOAD environmental variable. The changes would probably be over-written during package upgrades, or perhaps APT will ask if the file should be kept or replaced with the new version, not sure which.

EDIT: https://www.kicksecure.com/wiki/Debian ← that shows how to add the Kicksecure repositories, use with care and backup beforehand.

Last edited by Head_on_a_Stick (2022-04-06 09:48:56)


Brianna Ghey — Rest In Power

Offline

#6 2022-04-07 09:39:23

EDX-0
Member
Registered: 2020-12-12
Posts: 53  

Re: Devuan/Linux security: a novella

to use the hardened malloc without systemd wouldn't it suffice to add something like hardened-malloc.conf to /etc/ld.so.conf.d/ , you know like with the other ld configs?

Offline

#7 2022-04-07 10:05:04

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Devuan/Linux security: a novella

^ That would apply to all system scripts but not all will work with hardened malloc so the suggestion is to only load the hardened malloc for specific init scripts.


Brianna Ghey — Rest In Power

Offline

#8 2022-04-07 21:31:29

EDX-0
Member
Registered: 2020-12-12
Posts: 53  

Re: Devuan/Linux security: a novella

Perhaps adding a patch to the init scripts that can use hardened malloc, so that they can read a config like from /etc/default/hardened_malloc.config to use hardened malloc in a local LD_PRELOAD

Offline

Board footer