Debian SbD
Mission Statement

"Debian: Secure by Default" is founded on the following mission statement:

"Debian: Secure by Default" is a project to examine various security features available to the open source community and bring those which do not cause end user complications to Debian's standard distribution. The goal is to make Debian GNU/Linux a simple but effective example of excellence in security, without sacrificing any of Debian's current or future ease of use.

"Debian: Secure by Default" aims to demonstrate a Debian that is secure by default, and to have it implemented. The goal is to show that certain changes to the Debian base system will make Debian function *exactly* like normal Debian, except that powerful security features will deflect many attacks. In the end, those changes which the Debian developers find to be acceptable will be moved into Sid, and travel down to the next Debian Stable.

The only acceptable changes are those which do not make a default Debian install create any additional passwords or restricted access for any user (including root). These changes also must not induce a significant overhead, and must not cause packages distributed officially by Debian to cease to function. Those changes which affect third party packages must allow a method of disabling them.

The goal is to make the system seem identical to a normal Debian system from the end user's point of view. The changes made to the system will definitely be visible to the Debian maintainers. These may include kernel patches, modifications to the method of compiling binaries, or configuration of other systems. Most if not all of these changes will be either independent of each other or layerable; those which create large amounts of work for Debian maintainers may be rejected or delayed independently of the others.

What Debian: SbD is not

"Debian: SbD" is not a security-focused Linux distribution. It does not pursue the goal of becoming Adamantix or Hardened Gentoo. These distributions use non-transparent systems, such as RSBAC or SELinux, to control what users--including root--are allowed to do. Such systems would require the system administrator to enter extra passwords and would demand a higher level of maintenance in his everyday jobs.

"Debian: SbD" aims at utilizing currently available systems such as PaX and ProPolice/Stack Smash Protection to ship a system appropriately secured for general use. Enterprise systems will likely require a higher level of security, or a different nature of security. Home and office users, however, will benefit from a system capable of deflecting many--hopefully most--exploits appearing in user space software such as Apache or Firefox.

These changes will serve to make Debian GNU/Linux immune to the future possibility of worms similar in function to MSBlast and Sasser, as well as to malicious sites exploiting browser security flaws such as those inherited by Firefox from the recent libpng bug. They will not, however, protect data from local breaches, such as stolen passwords, init=/bin/sh, or boot disks.

D:SbD does not focus on non-transparent solutions such as MAC systems including SELinux and RSBAC, or aggressive firewalls such as anything similar to ZoneAlarm* or Norton Personal Firewall* on Windows*.

The difference between a transparent and a non-transparent solution is that a transparent solution will not normally produce any changes visible to the end user, whereas a non-transparent solution will be visible to end users, including the system administrator, in any normal case.

A MAC system would likely require root to log into a role in order to install programs; it may even require another user to log into that role and then use the su program to switch to root. If this behavior were changed such that root had access to everything, there would be no gain from using the MAC over normal POSIX ACLs; thus, no usage of a MAC system in a way which is both transparent and effective is apparent to the D:SbD project at this time.

In contrast, Stack Smash Protection, PIE, and other modifications to executables are fully transparent. The changed executables and libraries will not affect any third party or first party programs negatively.

Systems such as PaX are a middle ground. PaX imposes system-wide changes which break certain programs. Debian can supply packages with marked binaries so that Debian-supplied programs don't break; however, programs compiled on-site and programs obtained from third-party vendors may not come marked. The two solutions available are for the end user to mark such programs, or to use a non-PaX kernel. As long as this particular situation does not arise, though, this solution remains fully transparent.

*ZoneAlarm, Norton Personal Firewall, Windows, and all other trademarks mentioned herein belong to their respective owners and are used without permission. Contact with any complaints and such trademarks will be removed ASAP.

Debian is a registered trademark of Software in the Public Interest, Inc. Linux is a Registered Trademark of Linus Torvalds. All trademarks are property of their respective owners. For any questions, comments, or complaints, e-mail