Technical Considerations
Packages and USE Flag selection
The primary consideration that goes into selecting packages is that Tin Hat is meant to provide a fully featured Desktop environment with all of the usual productivity software included.
In the attachments below, we give the output of the following which should give a full account of what went into build both the i686 and amd64 releases.
epm -a | sort
emerge -ep world
emerge --info
cat /etc/make.conf
Available services
There is a complex playoff between the services you provide and security. The following is an abridged list of the services provided:
- System services:
- metalog - system logger
- fcron - periodic scheduling daemon
- atd - scheduling daemon
- net.* - network services
- bluetooth - bluetooth services
- postfix - SMTP daemon
- sshd - secure shell daemon
- nfs - network file system services
- mdadm - raid services
- lvm - logical volume management services
- rsyncd - rsync daemon
- samba - samba services
- iptables / ip6tables - firewall services for IPv4 and IPv6
- Desktop services:
- xdm - Gnome desktop manager
- cupsd - printer daemon
- esound - sound daemon
- vnc - remote desktop service
- avahi - daemon / avahi-dnsconfd - discover Zeroconf services on a local network
Of these, the following are started at boot.
- atd
- fcron
- metalog
- net.* for lo and non-wireless NIC interfaces
- postfix
- sshd
- xdm
Services should not be started if they are not needed to minimize opportunities for exploit. Note: starting some services, like cups starts avahi-daemon to discover LAN printers.
Kernel Configuration
The kernel configuration is as extreme as the RAM usage. We employ a monolithic kernel with support for almost all hardware. (There are a few exceptions where we had concerns.) The choice of a monolithic kernel is to prevent LKM's from being inserted during runtime, which is a security risk. It does, however, result in a 7+ MB kernel. Nonetheless, we have not noticed any appreciable performance loss as a result.
GRSEC/PaX hardening is turned on. We enabled as many hardening features as possible without breaking the system, particularly the X server. This means we could not deny writing to /dev/kmem, /dev/mem, and /dev/port, or disable privileged I/O, which breaks X, but closes some serious security loops.
The following information is for the latest release:
| Attachment | Size |
|---|---|
| epm-qa.amd64.txt | 10.23 KB |
| emerge-world.amd64.txt | 41.7 KB |
| emerge-info.amd64.txt | 3.33 KB |
| make-conf.amd64.txt | 681 bytes |
| kernel-config.amd64.txt | 53.1 KB |
| epm-qa.i686.txt | 10.26 KB |
| emerge-world.i686.txt | 41.89 KB |
| emerge-info.i686.txt | 3.34 KB |
| make-conf.i686.txt | 691 bytes |
| kernel-config.i686.txt | 54.32 KB |