On Mon, Mar 15, 2010 at 11:54 PM, Karthikeyann G A <g.a.karthikeyan at gmail.com> wrote: > Hi, > We are a team of 4 members studying MTech IT in International Institute of > Information Technology, Bangalore. We are trying to create a Distribution > using Opensolaris. As a part of Operating Systems project, we are trying to > create a secure version of OpenSolaris running only thunderbird client. The > Operating System is secure in the sense that it should not load the Hard disk > so that people can boot the OS with the help of a CD or USB media. The main > aim is to isolate the Hard Disk from hackers when connected to unsecure > public network (Airports etc) for the need of checking mail. We require some > help regarding this. > ?We figured out that the distribution constructor (distro_const) will help > out lots towards this. But we are having tough time in figuring out the > correct way of removing the access to the Hard Disk. Your assistance in this > regard would prove to be very helpful. > ?I am attaching the manifest file which has the list of packages we are > installing. And more over we are facing a problem with loading the gnome > properly. When we try to run the gnome-session its giving the following error. > > as jack (live cd user) > gnome-session:602 > > As root > gnome-session:610 >
You'll have to run: /usr/X11/bin/xinit gnome-session Sorry for not being clear earlier. It is not enough to simply boot off a CD to disable hard disk access. It can always be mounted. What is needed is to selectively disable access to hard disk device nodes. While I am not sure whether a direct mechanism exists to do such a thing, there are two alternatives that you can look at. One is to use Labeled Security in Trusted Extensions to restrict access to disk devices (except CDROM), other is to start a Zone by default and run the desktop inside the zone. It is possible to not expose hard disk devices inside the zone so processes running in the zone do not see them. Since your project deals with security the Trusted Extensions piece seems to be more apt and to my knowledge there has been no demo livecd created to showcase this technology. It will enable you to learn a new security framework. Trusted Extensions is also integrated with the Gnome Desktop available on OpenSolaris. Good resources for this technology are present at the TX community group site: http://hub.opensolaris.org/bin/view/Community+Group+security/tx The blog of Glenn Faden, Trusted Extensions architect is also a good resource: http://blogs.sun.com/gfaden/ However I have never used Trusted Extensions so cannot guide you in that. You should ask for guidance at security-discuss at opensolaris.org If you have trouble with this approach and want to use Zones or have other livecd related issues then this list is the right place to discuss those. I will check the manifest file and let you know. Regards, Moinak. -- ================================ http://www.belenix.org/ http://moinakg.wordpress.com/
