I'm looking into this Devil-Linux distribution for a firewall
application. My plan is to use a VIA EPIA motherboard and add an
Ethernet PCI card to it. I like the idea of booting from a CD-ROM, though
I'm thinking about putting the configuration on the CD as well, as I
don't think it will change very often. I have an additional server that
can have services that need more changing configurations.

When surfing the web for secured distributions for the above application,
I saw information about the StackGuard compiler. This is a patch to GCC
2.7.2, which adds checks for stack overrun. This is to eliminate all
stack overflow security exploits.

The compiler can be used freely and can be downloaded as a whole or as a
for more information.

However, the compiler cannot be used on applications that look into the
stack frames, i.e. the kernel and applications that are to be debugged by
e.g. gdb. But the latter isn't a problem unless you develop your own
applications, and if so, you have to use standard gcc while developing and
use StackGuard when doing the final compiling.

As for the kernel, you apparently have another solution, GrSecurity I
think you called it. Using StackGuard, GrSecurity and chroot jails I'll
start to believe in the firewall security...

So the question is, do you use StackGuard already?
If not, would this be a viable option?

I'm also curious about how you do booting. Do you load all applications
to memory or do you run from CD-ROM all the time? Do you use the
read-only RAM file system (don't remember what its name is), or wouldn't
it add anything for the security?
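
The stack-overrun check mentioned in the post, as an added example that is not part of the original message and not StackGuard's own code: a guard word sits between a local buffer and the saved return address and is verified before the function returns. The frame is simulated with a struct so the demo stays well-defined; the layout, the guard value and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed guard value for this demo (not StackGuard's actual value). */
#define GUARD_WORD ((uintptr_t)0x5AFEC0DEu)

/* Simulated stack frame; a real frame is laid out by the compiler. */
struct sim_frame {
    char      buf[16];   /* local buffer */
    uintptr_t guard;     /* guard word placed by the "prologue" */
    uintptr_t ret_addr;  /* stand-in for the saved return address */
};

/* Constructed sample input: 31 'A' bytes plus the terminating NUL. */
static const char sample_input[32] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* "Prologue": clear the locals, place the guard, record the return address. */
static void frame_enter(struct sim_frame *f, uintptr_t ret)
{
    memset(f->buf, 0, sizeof f->buf);
    f->guard = GUARD_WORD;
    f->ret_addr = ret;
}

/* Function body: a copy that never checks n against sizeof buf.
   Clamped to the simulated frame so the demo never writes outside it. */
static void frame_body(struct sim_frame *f, const char *src, size_t n)
{
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((unsigned char *)f, src, n);
}

/* "Epilogue" check: 1 if the guard is intact, 0 if it was overwritten. */
static int frame_leave_ok(const struct sim_frame *f)
{
    return f->guard == GUARD_WORD;
}

/* One simulated call: 1 = would return normally, 0 = overrun detected
   (the point at which a guarded program stops instead of returning). */
static int run_call(const char *input, size_t n)
{
    struct sim_frame f;
    frame_enter(&f, (uintptr_t)0x1000);
    frame_body(&f, input, n);
    return frame_leave_ok(&f);
}

int main(void)
{
    printf("16 bytes: %s\n", run_call(sample_input, 16) ? "return" : "abort");
    printf("24 bytes: %s\n", run_call(sample_input, 24) ? "return" : "abort");
    return 0;
}
```
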