[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: SECURITY: Patch for broken rc.sysinit in Mandrake 8.2
Mr. Ruusu:
Wow, I must admit that I had switched from Mandrake back to
RedHat for compatibility reasons in terms of installing software, but I
am very happy a distribution has found it useful to incorporate loop-aes
into its process of installing itself! I do hope RedHat does the same!
Mandrake is a very nice distribution in my view, but they do not
debug things quickly and perfectly enough for me, thus I feel it lacks
some stable aspects I get with RedHat. If it does become more
commercialized one day, it would definitely interest me to switch back
to it! Problem for me is, that I do consulting and I have to use a
distribution that is stable enough that it can also be deployed for
commercial applications, and I do not feel Mandrake is capable of that
kind of load or even if they offer 24/7 support for it at the moment,
nor (from my experience) is their quality control very good as I have
seen them release (in their last issue) a version which was chalk full
of bugulance, that is unacceptable for me to use in any distribution
which is destined for customers.
I think that perhaps it would be prudent for us to work on part
of the installation process of RedHat to see if RedHat's installer could
be made to be loop-aes friendly. If that could be done, perhaps RedHat
would also think about making loop-aes inclusive to their distribution
and install process?
If anyone is willing to make the modifications to the RedHat
installer I am willing to burn the modifications onto a CD-RW and boot
up the modified
CD-ROM and see if it works.
Very Respectfully,
Stuart Blake Tener, IT3 (E-4), USNR-R, N3GWG
Beverly Hills, California
VTU 1904G (Volunteer Training Unit)
stuart@bh90210.net
west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043
east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859
Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's
free!)
JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL.
Saturday, January 26, 2002 8:47 AM
-----Original Message-----
From: linux-crypto-bounce@nl.linux.org
[mailto:linux-crypto-bounce@nl.linux.org] On Behalf Of Jari Ruusu
Sent: Sunday, April 07, 2002 10:47 AM
To: Michel Bouissou
Cc: vdanen@mandrakesoft.com; warly@mandrakesoft.com;
linux-crypto@nl.linux.org; pplf
Subject: Re: SECURITY: Patch for broken rc.sysinit in Mandrake 8.2
Michel Bouissou wrote:
> Mandrake 8.2 comes with a kernel RPM including loop-aes.
>
> It is supposed to be able to do a lot of useful things with it,
including
> automatically encrypt swap partitions if wanted.
[snip]
> Feel free to give me your feedback and comments.
Not directly related to Mandrake init scripts, but next version of
loop-AES
will setup encrypted swap _without_ changes to init scripts. All user
needs
to do is to add "loop=/dev/loop?" and "encryption=AES128" options to
swap
lines in /etc/fstab and "swapon -a" and "swapoff -a" will take care of
all
encrypted swap setup work.
Example of /etc/fstab line:
/dev/hda666 none swap sw,loop=/dev/loop6,encryption=AES128 0
0
^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^
I have attached new util-linux patches if someone wants to try them.
Compile and install like this:
bzip2 -d -c util-linux-2.11o.tar.bz2 | tar xvf -
cd util-linux-2.11o
patch -p1 <../util-linux-2.11o-1.diff
patch -p1 <../util-linux-2.11o-2.diff
./configure
make SUBDIRS="lib mount"
cd mount
install -m 4755 -o root mount umount /bin
install -m 755 losetup swapon /sbin
rm -f /sbin/swapoff && ( cd /sbin && ln -s swapon swapoff )
rm -f /usr/man/man8/{mount,umount,losetup,swapon,swapoff}.8.gz
install -m 644 mount.8 umount.8 losetup.8 swapon.8 swapoff.8
/usr/man/man8
rm -f /usr/man/man5/fstab.5.gz
install -m 644 fstab.5 /usr/man/man5
mandb
Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/