Technical Considerations

Packages and USE Flag selection

The primary consideration that goes into selecting packages is that TinHat is meant to provide a fully featured Desktop environment with all of the usual productivity software included.

In the attachments below, we give the output of the following commands, which should give a full account of what went into building both the i686 and amd64 releases.

equery list "*"
emerge -ep world
emerge --info



Available services

There is a complex trade-off between the services you provide and security. The following is an abridged list of the services provided:

  • System services:
    • syslog-ng - system logger
    • cronie - periodic scheduling daemon
    • net.* - network services
    • bluetooth - bluetooth services
    • postfix - SMTP daemon
    • sshd - secure shell daemon
    • nfs - network file system services
    • mdadm - raid services (DEPRECATED 20110613)
    • lvm - logical volume management services
    • rsyncd - rsync daemon
    • samba - samba services
    • iptables / ip6tables - firewall services for IPv4 and IPv6
  • Desktop services:
    • xdm - Gnome desktop manager
    • cupsd - printer daemon
    • alsasound - sound daemon
    • avahi-daemon / avahi-dnsconfd - discover Zeroconf services on a local network

Of these, the following are started at boot.

  • atd
  • cronie
  • syslog-ng
  • net.* for lo and non-wireless NIC interfaces
  • postfix
  • sshd
  • xdm

To minimize opportunities for exploitation, services that are not needed should not be started. Note: starting some services, such as cups, also starts avahi-daemon to discover LAN printers.
Note: the information on services is not up to date and will need to be modified to reflect the new changes...eventually. :)



Kernel Configuration

The kernel configuration is as extreme as the RAM usage. We employ a monolithic kernel with support for almost all hardware. (There are a few exceptions where we had concerns.) We chose a monolithic kernel to prevent LKMs (loadable kernel modules) from being inserted at runtime, which is a security risk. It does, however, result in a 7+ MB kernel. Nonetheless, we have not noticed any appreciable performance loss as a result.

GRSEC/PaX hardening is turned on. We enabled as many hardening features as possible without breaking the system, particularly the X server. This means we could not deny writing to /dev/kmem, /dev/mem, and /dev/port, or disable privileged I/O: both restrictions close some serious security loopholes, but they break X.
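
One way to check a kernel .config against the policy described above, as an added example that is not part of the TinHat build scripts. The symbol names (CONFIG_MODULES, CONFIG_GRKERNSEC, CONFIG_PAX, CONFIG_GRKERNSEC_KMEM, CONFIG_GRKERNSEC_IO) are the mainline and grsecurity Kconfig names and are an assumption, since the page does not name them; the sample config is constructed.

```sh
#!/bin/sh
# Added example: checks a kernel .config against the policy this page describes.
# Symbol names are assumed; the sample config is constructed, not a TinHat one.

# Print the state of CONFIG_<symbol> in a config file: its value (y, m, ...) or
# "n" when the symbol is commented out ("is not set") or absent.
kconfig_state() {
    ks_val=$(sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${ks_val:-n}"
}

# Print PASS/FAIL/GAP lines; return 1 if a required setting is violated.
audit_kconfig() {
    ak_file=$1 ak_rc=0
    # Monolithic kernel: module support off, so no LKM can be loaded.
    if [ "$(kconfig_state "$ak_file" MODULES)" = n ]; then
        echo "PASS MODULES=n"
    else
        echo "FAIL MODULES enabled: LKMs can be inserted at runtime"; ak_rc=1
    fi
    # GRSEC/PaX hardening must be switched on.
    for ak_sym in GRKERNSEC PAX; do
        if [ "$(kconfig_state "$ak_file" "$ak_sym")" = y ]; then
            echo "PASS $ak_sym=y"
        else
            echo "FAIL $ak_sym not enabled"; ak_rc=1
        fi
    done
    # Restrictions left off so that X keeps working: report, do not fail.
    for ak_sym in GRKERNSEC_KMEM GRKERNSEC_IO; do
        if [ "$(kconfig_state "$ak_file" "$ak_sym")" = y ]; then
            echo "PASS $ak_sym=y"
        else
            echo "GAP  $ak_sym=n (accepted: needed by X)"
        fi
    done
    return "$ak_rc"
}

# Constructed sample matching the trade-offs described above.
demo_cfg=$(mktemp)
cat >"$demo_cfg" <<'EOF'
CONFIG_GRKERNSEC=y
CONFIG_PAX=y
# CONFIG_MODULES is not set
# CONFIG_GRKERNSEC_KMEM is not set
# CONFIG_GRKERNSEC_IO is not set
EOF
audit_kconfig "$demo_cfg" || echo "required settings violated"
rm -f "$demo_cfg"
```

The GAP lines keep the two accepted exceptions visible in every audit run, so they can be revisited on systems that do not run X.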



The following information is for the latest release: