Openwall Linux 3.0: no SUIDs, anti log spoofing

solardiz writes: Openwall GNU/*/Linux (or Owl for short) version 3.0 is out, marking 10 years of the project. Owl is a small security-enhanced Linux distro for servers, appliances, and virtual appliances. Two curious properties of Owl 3.0: no SUID programs in default install (yet the system is usable, including password changing) and logging of who sends messages to syslog (thus, a user can't have a log message appear to come, say, from the kernel or sshd). No other distro has these. Other highlights of Owl 3.0: single live+install+source CD, i686 or x86_64, integrated OpenVZ (host and/or guest), "make iso" & "make vztemplate" in included build environment, ext4 by default, xz in tar/rpm/less, "anti-Debian" key blacklisting in OpenSSH. A full install is under 400 MB, and it can rebuild itself from source.

Re:

[solardiz]

No, it does not. (That's not to mention that the problem "in OpenBSD" is probably a hoax.)

In context of another discussion, we've reviewed our Linux kernel source tree for relevant code from OpenBSD - there's none. Additionally, we don't include userland software for IPsec support - so it is not supported on Owl out of the box. Instead, OpenVPN may be easily installed and works great on Owl, and we might add it to the base system for the next Owl release. I am sending this comment via an OpenVPN tunnel bet