lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20101215234113.GA2569@openwall.com>
Date: Thu, 16 Dec 2010 02:41:13 +0300
From: Solar Designer <solar@...nwall.com>
To: bugtraq@...urityfocus.com
Subject: Openwall GNU/*/Linux 3.0 is out, marks 10 years of the project

Hi,

I am pleased to announce that we have made a new major release of
Openwall GNU/*/Linux, version 3.0.  ISO images of the CDs for i686
and x86-64 are available for download via direct links from:

http://www.openwall.com/Owl/

The ISOs include a live system, installable packages, the installer
program, as well as full source code and the build environment.
The download size is under 450 MB (for one CPU architecture).

Additional components, such as OpenVZ container templates, are available
from the appropriate directories on the mirrors:

http://www.openwall.com/Owl/DOWNLOAD.shtml

Openwall GNU/*/Linux (or Owl for short) is a small security-enhanced
Linux distribution for servers, appliances, and virtual appliances.
Owl live CDs with remote SSH access are also good for recovering or
installing systems (whether with Owl or not).  Another secondary use is
for operating systems and/or computer security courses, which benefit
from the simple structure of Owl and from our inclusion of the complete
build environment.

This release marks roughly 10 years of our project - development started
in mid-2000, and Owl 0.1-prerelease was made public in 2001.  Curiously,
most other "secure" Linux distros that appeared at about the same time
are no longer around.  (EnGarde Secure Linux appears to be the only
exception, but it is completely different both in approach to security
and in functionality.)

With the 3.0 release, the Owl 2.0-stable branch is formally discontinued.
We intend to proceed with further development under Owl-current and to
maintain the newly-created Owl 3.0-stable branch until the next release,
as usual.  (Owl 3.0-stable will be made available as soon as it starts
to differ from the 3.0 release.)

Here's how upgrades from Owl 2.0-release, 2.0-stable, or from pre-3.0
Owl-current to Owl 3.0 may be performed:

http://openwall.info/wiki/Owl/upgrade

(To upgrade from an even older version of Owl, you need to upgrade to
Owl 2.0-release in the same fashion first.)

Many of the enhancements since Owl 2.0 are documented in the change log:

http://www.openwall.com/Owl/CHANGES-3.0.shtml

They include:

- x86-64 support;
- move to RHEL 5.5-like Linux 2.6 kernels (with additional changes);
- kernel in an RPM package designed to allow for easy non-RPM'ed
kernel builds as well (optional);
- integrated OpenVZ container-based virtualization support (optional);
- "make iso" and "make vztemplate" targets in the build environment
(to easily generate new Owl CD images and OpenVZ container templates);
- ext4 filesystem support (in fact, Owl 3.0's installer offers ext4 by
default, with ext3 and ext2 still available as options);
- xz compression support (LZMA, LZMA2) throughout the system (not only
xz* commands, but also support in tar, rpm, less, color ls output);
- a few new packages (smartmontools, mdadm, cdrkit, pciutils, dmidecode,
vzctl, vzquota, xz);
- lots of package updates;
- improved hardware compatibility and more intuitive installation process;
- credentials logging in syslogd (the sender's UID and PID are logged
unless the sender is root);
- key blacklisting support in OpenSSH;
- and many other enhancements and corrections.

A curious detail is that there are no SUID programs in a default install
of Owl 3.0.  Instead, there are some SGIDs, where their group level
access, if compromised via a vulnerability, can't be expanded into
root access without finding and exploiting another vulnerability in
another part of the system - e.g., a vulnerability in crontab(1) or
at(1) can't result in a root compromise without a vulnerability in
crond(8) or in a critical system component relied upon by crond(8).

Feedback is welcome via the owl-users mailing list.  Specifically, you
may use this opportunity to vote for changes to make and features to
implement during post-3.0 development leading up to the next release.

Enjoy!

Alexander

P.S. John the Ripper achieves over 50M c/s at cracking DES-based
crypt(3) on a quad-X7550 machine (32 cores, 64 logical CPUs), with one
of the OpenMP patches:

http://openwall.info/wiki/john/benchmarks
http://openwall.info/wiki/john/patches

It also achieves over 20M c/s on a more humble dual-X5460 machine
(8 cores, 8 logical CPUs), cracking 400k passwords from Gawker:

http://www.duosecurity.com/blog/entry/brief_analysis_of_the_gawker_password_dump

Oh, and there's a new OpenMP-enabled build for Mac OS X here:

http://www.openwall.com/john/#contrib
http://download.openwall.net/pub/projects/john/contrib/macosx/

This one is by Erik Winkler, as usual.

I just thought you might enjoy these items too. ;-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ