Openwall GNU/*/Linux
– a Security-enhanced OS

Solar Designer and
Rafal Wojtczuk

Openwall GNU/*/Linux (Owl) is a security-enhanced
operating system with Linux and GNU software as its core,
compatible with other major distributions of GNU/*/Linux.
It is intended as a server platform. This presentation will
focus on concepts behind Owl, especially our approach to
security, and the features offered by Owl.
Unlike most Linux distributions, Owl gives security and
correctness the highest priority. Owl
combines several approaches to reduce the number and/or
impact of flaws in its software components and impact of
flaws in third-party software that one might install on the
system. Notably, the proactive audit of critical system components
resulted in discovery and patching of many potential
One of the Owl-specific solutions is the tcb suite, which is a
replacement for the traditional password-shadowing scheme.
Thanks to its careful design, the tcb scheme allows many
system utilities to operate with the lowest possible privilege.
A functional overview of the tcb suite will be given.