Openwall Linux 3.0 — No SUIDs, Anti-Log-Spoofing

solardiz writes "Openwall GNU/*/Linux (or Owl for short) version 3.0 is out, marking 10 years of work on the project. Owl is a small, security-enhanced Linux distro for servers, appliances, and virtual appliances. Two curious properties of Owl 3.0: no SUID programs in the default install (yet the system is usable, including password changing); and logging of who sends messages to syslog (thus, a user can't have a log message appear to come, say, from the kernel or sshd). No other distro has these. Other highlights of Owl 3.0: single live+install+source CD, i686 or x86_64, integrated OpenVZ (host and/or guest), 'make iso' & 'make vztemplate' in the included build environment, ext4 by default, xz in tar/rpm/less, 'anti-Debian' key blacklisting in OpenSSH. A full install is under 400 MB, and it can rebuild itself from source."

Amazing Work

[metrix007]

While OpenWall won't see much adoption on it's own I do hope a lot of the work gets ported to other distributions so it is in common use.

Not trolling, but Linux Security is somewhat atrocious these days with the whole security via obscurity approach, so I for one have a better state of mind when I know I can protect myself even in the result of a succusful exploit.

Anti-debian key?

[gandhi_2]

Can someone explain (for real) the point of the 'anti-Debian' key blacklist?

Is it because of the Debian-specific vulnerability in OpenSSH? I thought that was a couple years ago.