Linux in the news
All in one big page
See also: last week's Security page.
A wealth of secure distribution projects. Last week we reported on
the Secure Linux project, and
mentioned Kha0s as well. With another
addition this week, there are now three different efforts underway to
create a secure Linux distribution. They are (stealing from Rik van Riel's
Diversity is good and all that, but one wonders if there might not be a
substantial amount of duplication of effort between these projects. Partly
to address those concerns, Rik van Riel has created the secure distributions mailing list which is
intended to be a means of communication between the projects.
- Secure Linux aims at the
creation of a highly secure distribution for server systems. Strong
cryptography will be an important component of the distribution. This
project has not yet decided which distribution, if any, it will use as a
base, though there seems to be a certain leaning toward Debian.
- Kha0s is starting from scratch to
create a minimal secure distribution. Kha0s is the oldest of the projects,
and actually has some code available.
- Bastille Linux, which was just
announced last week, will be starting with Red
Hat 6.0 and creating a distribution which is intended for desktop systems.
They plan to have their 1.0 release out by October.
ipopd problems. The ipopd POP daemon distributed with Debian 2.1
turns out to have a problem that can, if properly exploited, allow access
to remote persons. The Debian project has issued an updated package which fixes the problem; installing this fix is
probably a good idea.
Fixes for the 2.2 denial of service problem have trickled in from
some of the distributions. Here are announcements from Debian, Mandrake,
Caldera has issued security updates for the
dump packages for OpenLinux 2.2 (the
dump one also applies to 1.3). Upgrades are, as always,
Section Editor: Liz Coolbaugh
June 10, 1999