Trusted Debian has released 1.0 of their distribution. Trusted Debian provides a Linux environment with features like RSBAC for access control and PaX to provide overflow checking. And a demonstration can be found here.
Trusted Debian 1.0 Released
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
I swear to god, the Debian and especially the GNU folks have the worst kind of not-invented-here syndroma. OpenBSD has existed for a longer amount of time, is more proven and can do much more than Trusted Debian can. One could argue it’s all about choice, but this one really escapes me.
What can I say, just calm down. Inovation is good, and Debian has a certain direction where it goes. If you don’t like it stick with something else, just don’t come up with sh*t like this. Ok? There are allot of good flavors out there and you have the freedom to choose. Ok?
Trusted Debian is Linux. OpenBSD is BSD. Which part didn’t you understand?
Trusted Debian wants to become the OpenBSD of the Linux world and more power to them.
Security is good….mmmmm
Its better than other trusted stuff we know about…lol
People always seem to say “What about OpenBSD”. This is a clueless comment. Is OpenBSD the only OS that should exist, or just the OS that should be secure? I am not clear what the point is? Should all other OSes except OpenBSD take no measures against buffer overflows?
I run OpenBSD *AND* Trusted Debian. Both have a place in my network. I prefer Debian for the desktop, but just because it is a desktop, does not mean I want buffer overflows.
More than one OS may have the same feature. That is okay!
I swear to god, the Debian and especially the GNU folks have the worst kind of not-invented-here syndroma. OpenBSD has existed for a longer amount of time, is more proven and can do much more than Trusted Debian can.
In my opinion, Debian is known for one thing above all else: its packaging system and tools. Trusted Debian is attempting to provide a high degree of security with the ease of Debianized administration. OpenBSD on the other hand does not provide a means of automatically patching an OpenBSD system with the same degree of simplicity and ease as provided by Debian.
“I swear to god, the Debian and especially the GNU folks have the worst kind of not-invented-here syndroma. OpenBSD has existed for a longer amount of time, is more proven and can do much more than Trusted Debian can. One could argue it’s all about choice, but this one really escapes me.”
GNU & BSD groups borrow from each other all the time. OpenBSD comes up with some new thing and 6 months later it is in FreeBSd. Debian decides it will port to the NetBSD kernel. This sort of thing happens all the time. The only difference here between proprietary and free or open vendors, is the proprietary adopt competitor’s features to make it their own, in secret, whereas, with Debian & BSD it is all out in the open.
Where is TrustedHURD???
Where is HURD???
;o)
To me this trusted debian seems more or less like someone googled for security patches and simply applied them all..
To me this trusted debian seems more or less like someone googled for security patches and simply applied them all..
Applied them all, eh? Why don’t you try applying both RSBAC and grsecurity to the same kernel source tree and get back to us on how that goes for you…
2 Oscar:
“I run OpenBSD *AND* Trusted Debian. Both have a place in my network. I prefer Debian for the desktop, but just because it is a desktop, does not mean I want buffer overflows.”
Ahh, yeah right. So you run Trusted Debian on your desktop. Trusted Debian… which doesn’t have any X packages or X applications whatsoever. OOPS.
2 Incestuous:
“GNU & BSD groups borrow from each other all the time. OpenBSD comes up with some new thing and 6 months later it is in FreeBSd. Debian decides it will port to the NetBSD kernel. This sort of thing happens all the time. The only difference here between proprietary and free or open vendors, is the proprietary adopt competitor’s features to make it their own, in secret, whereas, with Debian & BSD it is all out in the open.”
GNU borrows from *BSD. *BSD can’t borrow from GNU, because of GPL, which is a restrictive proprietary license. The only GPL code the *BSD projects include is the code they absolutely HAD to use, like ext2 support in FreeBSD. And thsi also forced them to disable the compilation of ext2 support into thee default kernel, because that would make the entire kernel GPL.
GNU is no better than Microsoft. They embrace, extend and attempt to extinguish. Have you looked into POSIX standards ? Now look into GLIBC. If that’s not proprietary, I don’t know what is.
Hi!
I see there are some misconceptions about the Trusted Debian project.
First of all, OpenBSD may exist for a longer time, that does not mean it provides the same kind of functionality. The kernel based buffer overflow protection in OpenBSD is not as good as the one provided by PaX. PaX is about 2.5 years old whereas the OpenBSD people started hacking at this kind of stuff in August 2001, after HAL 2001 was over. Furthermore, there is no equivalent to RSBAC in OpenBSD (see http://www.rsbac.org).
Trusted Debian is not trying to be the “OpenBSD of the Linux world”. I would like to see other distributions (especially Debian) to add this kind of functionality. And as such, the project is a means, not a goal in itself.
About googling patches and applying them. Try to do it for yourself and see how much effort it takes to get the same result. Especially getting RSBAC to work with the Debian kernel source and making it easier to link binaries to use PaX address layout randomization. Not to mention changing many packages to make use of these security features.
Regarding the X packages. You can mix Trusted Debian packages with Debian Woody packages, if you are careful. It might not work with every package, but probably does for most packages. It will still give you some extra security (as you can see from the demo page at the Trusted Debian web site, where Debian Woody Samba version is run on an a Trusted Debian kernel).
BSD is perfectly able to copy from GNU. The GPL licence applies to code, not ideas. You can look at someone’s GPL code to find out how it works and then write your own code according to those ideas.
Anyways, I hope some things are now more clear.
Groetjes,
Peter Busser
“because of GPL, which is a restrictive proprietary license.
[snip]
GNU is no better than Microsoft. They embrace, extend and attempt to extinguish. Have you looked into POSIX standards ? Now look into GLIBC. If that’s not proprietary, I don’t know what is.”
Yeah, and who owns the world, BSD or Microsoft?
Microsoft has proven that you can conquer the world using proprietary restrictive licenses and even gaining respect. Therebefore, the GPL being a proprietary restrictive license is a good thing.
Work with them or be destroyed. You choose to be destroyed.
“Yeah, and who owns the world, BSD or Microsoft?
Microsoft has proven that you can conquer the world using proprietary restrictive licenses and even gaining respect. Therebefore, the GPL being a proprietary restrictive license is a good thing.
Work with them or be destroyed. You choose to be destroyed.”
Microsoft has earned no respect whatsoever because of their proprietary restrictive licenses. And the fact that they “own” the world is by no means a good thing. I’d prefer to live in a monoculture, which Microsoft is trying to eradicate so badly (or rather, attempts to prevent the existance of one). I really don’t know what you are smoking if you think that “One world, one way, one program” is a good thing.
“Microsoft has earned no respect whatsoever”
No respect? “No respect”? In a previous OSNews article a few people (including Eugenia) said they admire Bill Gates because he’s a good businessmen, dispite all the proprietary restrictive licenses!
Here, more people who obviously respect Microsoft:
http://geraldholmes.freeyellow.com/“ http://download.com.com/3302-2353-10175137.html?pn=3&fb=1“>http:…
http://www.chook.net/bbs2/messages/1297.html“ http://slashdot.org/comments.pl?sid=61526&cid=5777481&pid=5777481&s… (yes, even Slashdot!)
If you can read Dutch, go to http://www.webwereld.nl and see how many pro-Microsoft people defend MS and mod down Linux every time there’s an article about MS or Linux. Not to mention all http://members1.chello.nl/~h.lai/immature-windows-elitists.png“>… .
And this is just the top of the iceberg.
That was a bad troll, try better next time.
You just can’t stand the proof.