Opened 6 years ago
Last modified 6 years ago
#14723 new enhancement
Implement high security boot option
| Reported by: | kallisti5 | Owned by: | nobody |
|---|---|---|---|
| Priority: | low | Milestone: | Unscheduled |
| Component: | System | Version: | R1/Development |
| Keywords: | security selinux | Cc: | |
| Blocked By: | | Blocking: | |
| Platform: | All | | |
Description
A configurable boot option to enable "high security" might be neat.
Such a setting could:
- Disable all writable non-packaged directories (where libs and add-ons could be injected... we kind of have this already via "disable user add-ons"? Not sure if that will prevent *every* use of the non-packaged directories though)
- Wipe tmp on boot
- future: Whitelisting of package sources + trusted vendors as pkgman supports it.
- Etc, as we think of features.
Just a random thought in passing :-)
Change History (5)
comment:1 (6 years ago)
comment:2 (6 years ago)
Description: modified (diff)
comment:3 (6 years ago)
That's true. I'm looking at the increasing reports of viruses coming to Linux in recent years, and our read-only system directories seem to be the biggest protection we have from such things.
A control panel tab somewhere for something like that might be useful... it'll be a contested "feature" likely. We could give lots of warnings, etc.
Buzzwords: "Developer mode", "Unsecured system paths", "Advanced system access", etc.
comment:5 (6 years ago)
/tmp should already be cleaned on every boot.
As long as you can write to the packages directory, you can easily install new software. I don't quite see how the r/o file system can be of much help here. If you want security, sign the packages, and allow only signed ones to run, starting with the boot loader.
tbh, at some point this should be the default. And we should add an "I know what I'm doing" mode.
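The point made in comment:5 (only signed packages may be installed) combined with the description's idea of a whitelist of trusted vendors comes down to one check at package-activation time: is the package signed by a key belonging to a vendor the system trusts? The following Go program is an added example of that check and is not Haiku code, nor anything `pkgman` or the package kit actually implements; the `TrustStore`, `SignedPackage`, `Verify` and `SignPackage` names, the Ed25519 signature over the whole package contents, and the "haiku" vendor key are all assumptions constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// TrustStore maps a vendor name to the Ed25519 public key the system
// trusts for that vendor (hypothetical; a real system would load this
// from a read-only, boot-loader-verified location).
type TrustStore map[string]ed25519.PublicKey

// SignedPackage is a constructed stand-in for a package file together
// with its detached signature and the vendor claimed to have signed it.
type SignedPackage struct {
	Name      string
	Vendor    string
	Contents  []byte
	Signature []byte
}

var (
	ErrUntrustedVendor = errors.New("vendor not in trust store")
	ErrBadSignature    = errors.New("signature missing or does not verify")
)

// Verify implements the "high security" policy: a package is accepted
// only if its vendor is whitelisted AND the signature over its contents
// verifies under that vendor's key. Unsigned packages (empty Signature)
// fail because ed25519.Verify rejects signatures of the wrong length.
func Verify(ts TrustStore, p SignedPackage) error {
	pub, ok := ts[p.Vendor]
	if !ok {
		return ErrUntrustedVendor
	}
	if !ed25519.Verify(pub, p.Contents, p.Signature) {
		return ErrBadSignature
	}
	return nil
}

// SignPackage is the vendor-side counterpart, used here only to build
// sample data; the private key would never live on the target system.
func SignPackage(priv ed25519.PrivateKey, p *SignedPackage) {
	p.Signature = ed25519.Sign(priv, p.Contents)
}

// NewTrustedPackage generates a vendor key pair, registers the public key
// under vendorName, and returns a package correctly signed by that vendor.
func NewTrustedPackage(ts TrustStore, vendorName, pkgName string, contents []byte) (SignedPackage, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return SignedPackage{}, err
	}
	ts[vendorName] = pub
	p := SignedPackage{Name: pkgName, Vendor: vendorName, Contents: contents}
	SignPackage(priv, &p)
	return p, nil
}

func main() {
	ts := TrustStore{}
	// Constructed sample package; the bytes stand in for an .hpkg file.
	good, err := NewTrustedPackage(ts, "haiku", "example-1.0.hpkg", []byte("constructed package bytes"))
	if err != nil {
		panic(err)
	}
	fmt.Println("signed by trusted vendor:", Verify(ts, good)) // <nil>

	tampered := good
	tampered.Contents = append([]byte{}, good.Contents...)
	tampered.Contents = append(tampered.Contents, '!')
	fmt.Println("contents modified after signing:", Verify(ts, tampered)) // ErrBadSignature

	unsigned := SignedPackage{Name: "dropped-in.hpkg", Vendor: "haiku", Contents: []byte("injected")}
	fmt.Println("unsigned package:", Verify(ts, unsigned)) // ErrBadSignature

	unknown := good
	unknown.Vendor = "someone-else"
	fmt.Println("vendor not whitelisted:", Verify(ts, unknown)) // ErrUntrustedVendor
}
```

The tampered and unsigned cases are the ones a writable packages directory exposes: a file dropped in by anything with write access is rejected outright rather than silently activated, which is the behaviour a read-only system volume alone cannot guarantee. The trust store itself has to be protected by the same chain, hence "starting with the boot loader".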