Add Gentoo Linux, Void Linux and Alpine Linux

In the Linux Hardening Guide by Madaidan, the author recommends the following suggestions for a secure Linux distro:

The best distribution to use as a base for your hardened operating system would be Gentoo Linux, as it allows you to configure your system exactly how you want it to be, which will be extremely useful, especially when we come to more secure compilation flags later in the guide.

However, Gentoo may not be feasible for many people due to its significant usability pitfalls. In this case, Void Linux’s musl build or Alpine Linux would be a good compromise.

Note that this guide has been mentioned a lot on Reddit, so I also wonder what the PG team thinks about it. If the arguments are still valid, shouldn’t we adopt the suggestions? Or are there more concerns that the guide failed to cover?
Thanks!

I’m not going to debate each point. I have used the distributions he suggests for various projects and purposes. The article does cherry-pick certain points from history and tries to make some conclusion out of them.

Preferably use a distribution that utilises LibreSSL by default rather than OpenSSL.

In fact some distributions have changed back to OpenSSL, Alpine Linux being one of them, as they had issues with it. Now they are thinking of changing back again: “consider LibreSSL as default OpenSSL provider again (#28) · Issues · alpine / TSC · GitLab”.

For regular desktop usage, Void, Alpine and Gentoo are quite painful unless you want to do a lot of tinkering. The reason we like Arch Linux (which I might add is one of the distributions Madaidan uses) is because of its reproducible builds. You probably don’t need optimized USE flags (those can often cause crashes) and very specific edge cases. It’s not going to make your computer noticeably faster, and only marginally more secure, which can also be better achieved by something like Qubes OS anyway.

The whole hardening guide there lacks any specific threat model and I wouldn’t recommend using it unless you have a way to keep track of all the changes you’ve made. You should understand what each change means, and how it may impact your usage. There are many very manual changes to the distribution which will no doubt cause issues and possibly be overwritten by system updates. A question you should be asking yourself is: if a distribution requires 100 manual knobs to be changed to make it “secure”, don’t you think there is some issue with the guide and its suggestions?

Alpine isn’t a very nice desktop distribution. Sure, it works well for containers (particularly as they don’t include init), but besides that it doesn’t really get a lot of real-world usage. I’ve used it before; it lacked things like polkit rules to decrypt encrypted removable storage, and lagged behind on using iptables-nftables for some significant amount of time. OpenRC is barely maintained and suffers from race conditions sometimes, is clunky and generally horrible to use. There was some effort to change to s6: “Let's build a new service manager for Alpine! | Ariadne's Space”.

Most of the things mentioned in that guide aren’t particularly important for a device behind another firewall, such as an internet router.

Regarding musl, sure it’s nice to have support for that, but you can expect desktop-based workloads to be less stable with it, particularly as there is less testing with it in general. Expect crashes, expect segfaults in desktop apps you might use. So there are pros and cons to a lot of the things suggested there.

We’re not saying that you shouldn’t use them if you’re willing to invest the time, just that we don’t have experience with them to provide any kind of assistance.

The main reason we recommend Fedora is because out of the box it has some pretty sane defaults. People like to link to Madaidan’s articles without actually even understanding what they are talking about, because they think it makes them sound smart. That is why it gets linked on Reddit regularly.

4 Likes

Imagine if your grandmother read the PG guides that the team wrote, featuring Gentoo. Now she asks you to run Gentoo on her device and keep it updated. All the time.

Also, in granny’s mind, each time you refuse to update her machine, your inheritance decreases.

Because of granny’s clout, she then tells and convinces her friends to switch to Linux, and then you get to manage that too. Some switch to Void and some switch to Alpine…

You might not convince people to switch but when you do, it might turn into a support scaling issue in the future.

1 Like