Rob van der Hoeven <[email protected]> wrote:

>> A standard tactic for security is isolation of services.
>> ...
>>
>> Clearly we cannot expect to use a separate machine
>> for each FB service, but we need some strategy that
>> limits the damage if any one service turns out to have
>> a security flaw. Some list posts suggest using virtual
>> machines, and that is one plausible solution, though
>> costly.
>
> Hi Sandy,
>
> I am the one that suggested virtual machines, and I am using them at
> this moment. ...
>
> In my opinion building a FreedomBox without using VM technology is very
> dangerous.
To me, the question seems more complex and still open. It is clear that we need strong security, and therefore a carefully designed strategy for isolation. It is not clear to me that VM techniques are the way to go. There are plenty of other candidates.

The OS provides mechanisms intended to do what we need: process isolation, chroot, file permissions and so on. There are extensions like SE-Linux and grsecurity that give more.

There may also be problems with the VM method. Random numbers are one. More-or-less all crypto depends on those. random(4) depends on the driver having access to things like mouse clicks and disk interrupts. I doubt that it will work well on a headless server with solid state disk, let alone in a VM. This is just one problem that seems obvious.

Has anyone done a security audit on one of the VM methods? Without that, should it be trusted?

> Not all the software running on the FreedomBox will be mature
> and I expect a lot of security/stability issues.

I tend to think only mature software should be used. There are other places for development and experiments. The box needs to be very solid. I wonder if Debian stable is solid enough, or if we should be aiming at something more like OpenBSD, an audited secure distro.

_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss
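The reply above argues for the stock OS mechanisms (a separate unprivileged uid/gid per service, chroot, file permissions) as an alternative to VMs. The following is an added example, not code from the thread or from the FreedomBox project, showing what a per-service isolation plan built from those mechanisms looks like and how to check it before anything is launched. The service names, uids and paths are constructed sample data; `launch()` uses only `os.chroot`, `os.setgroups`, `os.setgid`, `os.setuid` and `os.execv`, and has to run as root to do anything.

```python
"""Per-service isolation on one box using only stock OS mechanisms.

Added example (not from the mailing-list thread or FreedomBox).
Sample services, uids and paths below are constructed.
"""
import os
import stat
from dataclasses import dataclass, field


@dataclass
class Service:
    name: str
    uid: int              # dedicated unprivileged user for this service only
    gid: int
    root: str             # chroot directory; owned by root, not writable by the service
    writable: list = field(default_factory=list)  # dirs the service may write, relative to root
    argv: list = field(default_factory=list)      # command to exec inside the chroot


def check_plan(services):
    """Return a list of problems with an isolation plan; empty means OK.

    The rules encode "limit the damage if one service is compromised":
    no service runs as root, no two services share a uid or a chroot,
    and a service may not write to its whole chroot or outside it
    (otherwise it could replace its own binaries or reach other services).
    """
    problems = []
    seen_uid, seen_root = {}, {}
    for s in services:
        root = os.path.normpath(s.root)
        if s.uid == 0 or s.gid == 0:
            problems.append(f"{s.name}: runs as root")
        if s.uid in seen_uid:
            problems.append(f"{s.name}: shares uid {s.uid} with {seen_uid[s.uid]}")
        seen_uid.setdefault(s.uid, s.name)
        if root in seen_root:
            problems.append(f"{s.name}: shares chroot {root} with {seen_root[root]}")
        seen_root.setdefault(root, s.name)
        for w in s.writable:
            full = os.path.normpath(os.path.join(root, w))
            if full == root or os.path.commonpath([root, full]) != root:
                problems.append(f"{s.name}: writable path {w!r} is the chroot itself or escapes it")
        if not s.argv:
            problems.append(f"{s.name}: nothing to exec")
    return problems


def dir_problems_from_stat(uid, mode):
    """Permission problems for a chroot directory, given its owner uid and mode bits."""
    problems = []
    if uid != 0:
        problems.append(f"owned by uid {uid}, not root")
    if mode & stat.S_IWGRP:
        problems.append("group-writable")
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def dir_problems(path):
    """Same check against a real directory on disk."""
    st = os.stat(path)
    return dir_problems_from_stat(st.st_uid, stat.S_IMODE(st.st_mode))


def launch(service):
    """Fork one service into its own chroot under its own uid/gid (root only).

    Order matters: chroot first (needs privilege), then drop supplementary
    groups, then gid, then uid. After setuid nothing privileged remains,
    and exec replaces the process image with the service binary.
    """
    pid = os.fork()
    if pid:
        return pid                      # parent keeps the pid to supervise/restart
    os.chroot(service.root)
    os.chdir("/")
    os.setgroups([])
    os.setgid(service.gid)
    os.setuid(service.uid)              # irreversible once done
    os.execv(service.argv[0], service.argv)


def sample_plan():
    """Constructed plan that follows the rules."""
    return [
        Service("web", 1001, 1001, "/srv/web", ["var/run", "var/log"], ["/bin/httpd"]),
        Service("mail", 1002, 1002, "/srv/mail", ["var/spool"], ["/bin/smtpd"]),
    ]


def bad_plan():
    """Constructed plan with three distinct violations."""
    return [
        Service("web", 1001, 1001, "/srv/web", ["."], ["/bin/httpd"]),        # whole chroot writable
        Service("mail", 1001, 1002, "/srv/mail", ["var/spool"], ["/bin/smtpd"]),  # shares uid with web
        Service("xmpp", 0, 0, "/srv/xmpp", ["var"], ["/bin/xmppd"]),        # runs as root
    ]


if __name__ == "__main__":
    for plan in (sample_plan(), bad_plan()):
        print(check_plan(plan) or "plan OK")
```

The plan check is deliberately separate from `launch()` so it can run as an ordinary user, for example from a package's build or install tests, while the privileged part stays small and mechanical. The same separation of "dedicated user, own tree, minimal writable area" is what SE-Linux or grsecurity policies tighten further; they do not replace it.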
