Opened 3 years ago

Last modified 3 years ago

#14723 new enhancement

Implement high security boot option

Reported by: kallisti5 Owned by: nobody
Priority: low Milestone: Unscheduled
Component: System Version: R1/Development
Keywords: security selinux Cc:
Blocked By: Blocking:
Platform: All

Description (last modified by kallisti5)

A configurable boot option to enable "high security" might be neat.

Such a setting could:

  • Disable all writable non-packaged directories (where lib's and add-ons could be injected.. we kind of have this already via disable user addons? Not sure if that will prevent *every* use of the non-packaged directories though)
  • Wipe tmp on boot
  • future: Whitelisting of package sources + trusted vendors as pkgman supports it.
  • Etc, as we think of features.

Just a random thought in passing :-)

Change History (5)

comment:1 by pulkomandy, 3 years ago

tbh, at some point this should be the default. And we should add a "I know what I'm doing" mode.

comment:2 by kallisti5, 3 years ago

Description: modified (diff)

comment:3 by kallisti5, 3 years ago

That's true. I'm looking at the increasing reports of viruses coming to linux in recent years, and our read-only system directories seem to be the biggest protection we have from such things.

A control panel tab somewhere for something like that might be useful... it'll be a contested "feature" likely. We could give lots of warnings, etc.

Buzz words: "Developer mode", "Unsecured system paths", "Advanced system access", etc

comment:4 by kallisti5, 3 years ago

"sehaiku" :P

comment:5 by axeld, 3 years ago

/tmp should already be cleaned on every boot.

As long as you can write to the packages directory, you can easily install new software. I don't quite see how the r/o file system can be of much help here. If you want security, sign the packages, and allow only signed one to run, starting with the boot loader.

Note: See TracTickets for help on using tickets.