|
Message-ID: <20101215232608.GA2098@openwall.com> Date: Thu, 16 Dec 2010 02:26:08 +0300 From: Solar Designer <solar@...nwall.com> To: announce@...ts.openwall.com, owl-users@...ts.openwall.com Subject: Openwall GNU/*/Linux 3.0 is out, marks 10 years of the project Hi, I am pleased to announce that we have made a new major release of Openwall GNU/*/Linux, version 3.0. ISO images of the CDs for i686 and x86-64 are available for download via direct links from: http://www.openwall.com/Owl/ The ISOs include a live system, installable packages, the installer program, as well as full source code and the build environment. The download size is under 450 MB (for one CPU architecture). Additional components, such as OpenVZ container templates, are available from the appropriate directories on the mirrors: http://www.openwall.com/Owl/DOWNLOAD.shtml Openwall GNU/*/Linux (or Owl for short) is a small security-enhanced Linux distribution for servers, appliances, and virtual appliances. Owl live CDs with remote SSH access are also good for recovering or installing systems (whether with Owl or not). Another secondary use is for operating systems and/or computer security courses, which benefit from the simple structure of Owl and from our inclusion of the complete build environment. This release marks roughly 10 years of our project - development started in mid-2000, and Owl 0.1-prerelease was made public in 2001. Curiously, most other "secure" Linux distros that appeared at about the same time are no longer around. (EnGarde Secure Linux appears to be the only exception, but it is completely different both in approach to security and in functionality.) With the 3.0 release, the Owl 2.0-stable branch is formally discontinued. We intend to proceed with further development under Owl-current and to maintain the newly-created Owl 3.0-stable branch until the next release, as usual. (Owl 3.0-stable will be made available as soon as it starts to differ from the 3.0 release.) Here's how upgrades from Owl 2.0-release, 2.0-stable, or from pre-3.0 Owl-current to Owl 3.0 may be performed: http://openwall.info/wiki/Owl/upgrade (To upgrade from an even older version of Owl, you need to upgrade to Owl 2.0-release in the same fashion first.) Compared to the December 9 snapshot of Owl-current, the 3.0 release makes some corrections to support upgrades from Owl 2.0 and it adds some security fixes to Perl (for issues that affected relatively obscure and inherently risky uses of Perl and its modules). This is documented in the change log: http://www.openwall.com/Owl/CHANGES-3.0.shtml The enhancements since Owl 2.0 are far more exciting. They include: x86-64 support, move to RHEL 5.5-like Linux 2.6 kernels (with additional changes), kernel in an RPM package designed to allow for easy non-RPM'ed kernel builds as well (optional), integrated OpenVZ container-based virtualization (optional), "make iso" and "make vztemplate" targets in the build environment (to easily generate new Owl CD images and OpenVZ container templates, respectively), ext4 filesystem support (in fact, Owl 3.0's installer offers ext4 by default, with ext3 and ext2 still available as options), xz compression support (LZMA, LZMA2) throughout the system (not only xz* commands, but also support in tar, rpm, less, color ls output), a few new packages (smartmontools, mdadm, cdrkit, pciutils, dmidecode, vzctl, vzquota, xz), lots of package updates, improved hardware compatibility and more intuitive installation process, credentials logging in syslogd (the sender's UID and PID are logged unless the sender is root), key blacklisting support in OpenSSH, and many other enhancements and corrections. A curious detail is that there are no SUID programs in a default install of Owl 3.0. Instead, there are some SGIDs, where their group level access, if compromised via a vulnerability, can't be expanded into root access without finding and exploiting another vulnerability in another part of the system - e.g., a vulnerability in crontab(1) or at(1) can't result in a root compromise without a vulnerability in crond(8) or in a critical system component relied upon by crond(8). Feedback is welcome via the owl-users mailing list. Specifically, you may use this opportunity to vote for changes to make and features to implement during post-3.0 development leading up to the next release. Enjoy! Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.