Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20101215232608.GA2098@openwall.com>
Date: Thu, 16 Dec 2010 02:26:08 +0300
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com, owl-users@...ts.openwall.com
Subject: Openwall GNU/*/Linux 3.0 is out, marks 10 years of the project

Hi,

I am pleased to announce that we have made a new major release of
Openwall GNU/*/Linux, version 3.0.  ISO images of the CDs for i686
and x86-64 are available for download via direct links from:

http://www.openwall.com/Owl/

The ISOs include a live system, installable packages, the installer
program, as well as full source code and the build environment.
The download size is under 450 MB (for one CPU architecture).

Additional components, such as OpenVZ container templates, are available
from the appropriate directories on the mirrors:

http://www.openwall.com/Owl/DOWNLOAD.shtml

Openwall GNU/*/Linux (or Owl for short) is a small security-enhanced
Linux distribution for servers, appliances, and virtual appliances.
Owl live CDs with remote SSH access are also good for recovering or
installing systems (whether with Owl or not).  Another secondary use is
for operating systems and/or computer security courses, which benefit
from the simple structure of Owl and from our inclusion of the complete
build environment.

This release marks roughly 10 years of our project - development started
in mid-2000, and Owl 0.1-prerelease was made public in 2001.  Curiously,
most other "secure" Linux distros that appeared at about the same time
are no longer around.  (EnGarde Secure Linux appears to be the only
exception, but it is completely different both in approach to security
and in functionality.)

With the 3.0 release, the Owl 2.0-stable branch is formally discontinued.
We intend to proceed with further development under Owl-current and to
maintain the newly-created Owl 3.0-stable branch until the next release,
as usual.  (Owl 3.0-stable will be made available as soon as it starts
to differ from the 3.0 release.)

Here's how upgrades from Owl 2.0-release, 2.0-stable, or from pre-3.0
Owl-current to Owl 3.0 may be performed:

http://openwall.info/wiki/Owl/upgrade

(To upgrade from an even older version of Owl, you need to upgrade to
Owl 2.0-release in the same fashion first.)

Compared to the December 9 snapshot of Owl-current, the 3.0 release
makes some corrections to support upgrades from Owl 2.0 and it adds
some security fixes to Perl (for issues that affected relatively obscure
and inherently risky uses of Perl and its modules).  This is documented
in the change log:

http://www.openwall.com/Owl/CHANGES-3.0.shtml

The enhancements since Owl 2.0 are far more exciting.  They include:
x86-64 support, move to RHEL 5.5-like Linux 2.6 kernels (with additional
changes), kernel in an RPM package designed to allow for easy non-RPM'ed
kernel builds as well (optional), integrated OpenVZ container-based
virtualization (optional), "make iso" and "make vztemplate" targets in
the build environment (to easily generate new Owl CD images and OpenVZ
container templates, respectively), ext4 filesystem support (in fact,
Owl 3.0's installer offers ext4 by default, with ext3 and ext2 still
available as options), xz compression support (LZMA, LZMA2) throughout
the system (not only xz* commands, but also support in tar, rpm, less,
color ls output), a few new packages (smartmontools, mdadm, cdrkit,
pciutils, dmidecode, vzctl, vzquota, xz), lots of package updates,
improved hardware compatibility and more intuitive installation process,
credentials logging in syslogd (the sender's UID and PID are logged
unless the sender is root), key blacklisting support in OpenSSH, and
many other enhancements and corrections.

A curious detail is that there are no SUID programs in a default install
of Owl 3.0.  Instead, there are some SGIDs, where their group level
access, if compromised via a vulnerability, can't be expanded into
root access without finding and exploiting another vulnerability in
another part of the system - e.g., a vulnerability in crontab(1) or
at(1) can't result in a root compromise without a vulnerability in
crond(8) or in a critical system component relied upon by crond(8).

Feedback is welcome via the owl-users mailing list.  Specifically, you
may use this opportunity to vote for changes to make and features to
implement during post-3.0 development leading up to the next release.

Enjoy!

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.