NAI Labs releases LOMAC, a kernel security extension
Tim Fraser writes "NAI Labs has released a new version of the Linux LOMAC kernel extension, their latest in a series of security extension products they're involved with -- ranging from components of TrustedBSD to SELinux. LOMAC provides a drop-in security solution that does not require extensive administration, unlike other kinds of Mandatory Access Control (MAC). There's a port of LOMAC to FreeBSD in the works. The release announcement has more details."
(oh, and I think fp, but I'm not sure)
"Giving money and power to government is like giving whiskey and car keys to teenage boys" P. J. O'Rourke
I'm glad to see Linux stuff catching up with the amount of security technology that has been out there in the world. If only RWatson would port jailng to Linux, it'd be probably one of the best platforms for security, since so much cool stuff does tend to get developed. Fad or not, the attention and dollars that are put into Linux make it worthwhile.
--
Commercial software rhetoric.
--
With all of that aside though, any kind of thing like this has got to be good. When high-up people see that something like Linux is getting support like this, they (in my experience) become a little less afraid of it. Didn't Microsoft claim to have some kind of security certification on NT or something like that? My memory is getting sketchy so there's a damn good chance I'm wrong. But if Linux could have something similar to that... it would definitely be a start. To some people, fancy titles mean everything.
Mike.
--Ask a silly person, get a silly answer.
This is great news for the Linux community. It's interesting that commercial software vendors (vs OSS vendors) seem to think things like this for Linux are not viable. Strange. Seems to work for me. Security by closed source is a variant on security through obscurity and we all know what a fallacy this is.
Great Work Guys!
--CTH
--
--Got Lists? | Top 95 Star Wars Line
i.e. MAC address
now Media access control.
Maybe some standards would be great.
The slashdot 2 minute between postings limit: /.'ers since Spring 2001.
Pissing off hyper caffineated
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
RSBAC (http://www.linuxsecurity.com/feature_stories/feature_story-2.html) is better. We need to make an RSBAC module that is this simple to implement. That would be a *really* good thing. Also if I understand the link right this would by default make remote admin tasks impossible and that would suck.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
If they pretend to audit the code, can they call it secure?
--
Am I missing something, but how does this differ from giving every critical file the system immutable flag (under BSDs), then when the box has come up nicely you lift the security level, to something that enforces the chflags and doesn't let you change them?
Ok, so it's nice to just load it, and all your problems will go away. Anyways the standard user won't use it because they haven't heard of it, and they don't know how to get it or compile it.
Anyone with more experience about system should use something like LIDS or SELinux, which lets you do much more fine-grained control, and SELinux really rocks in this aspect. Of course SELinux isn't very stable yet, so using it on a web-server maybe ain't the world's greatest idea, but this is where LIDS comes to play.
SELinux is of course very cool when building remote administration computers (one computer in the network and all remote administrators have to log in to it, and connect from it to the server they want to administer) or shell boxes.
So I really don't think this is anything great, or?
If they pretend to audit the code, can they call it secure?
:)
Since he pretends to be Theo, they can pretend to audit the code.
Saying that all software is equal when it comes to security is not Open Source rhetoric. It's sensibility.
--
Protect your computer from outside forces, befriend LOMAC of the forest people. He will pound intruders with sticks and release hounds upon persons who would scan your ports.
He shall call locusts to protect ftp, floods to guard against DoS and will conceal your serial ports with small bushes and shrubbery.
It is LOMAC! Flee!
He shall create small burrowing animals to scratch at the shins of Chinese hackers who would defile your graduate homepage. He will attach secret undersea creatures to the undersides of your mouse to protect you against static charges. He will warn you when you sit weird and your leg might fall asleep.
It is LOMAC! (Score:-1, Retarded).
Here's the text, unslashdotted. (what sucks is- I'm probably going to get karma for this, though it doesn't require much effort or creativity. Alas, this is Slashdot =-P )

From owner-lomac-users Fri May 11 12:50:15 2001
Received: by lists.tislabs.com (8.9.1/8.9.1) id MAA02776 Fri, 11 May 2001 12:48:21 -0400 (EDT)
X-Authentication-Warning: bucky.gw.tislabs.com: tfraser owned process doing -bs
Date: Fri, 11 May 2001 13:12:12 -0400 (EDT)
From: Tim Fraser
X-Sender: tfraser@bucky.gw.tislabs.com
To: lomac-users@lists.tislabs.com
cc: tfraser@tislabs.com, rwatson@tislabs.com
Subject: LOMAC v1.1.0 on FTP site
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-lomac-users@lists.tislabs.com
Precedence: bulk

Hi!

LOMAC v1.1.0 is now available for download at:
ftp://ftp.tislabs.com/pub/lomac/lomac-v1.1.0.tar.gz
Changes in LOMAC v1.1.0 since the last release (v1.0.5):
o Restructured argument handling to avoid time-of-check/time-of-use
errors.
o Added mediation on the addition and removal of directory entries.
o Changed all -EPERM ("operation not permitted") return values to
the proper value: -EACCES ("permission denied").
Summary of Changes in LOMAC v1.1.0 since the v1.0.0 release:
The 1.1.0 release improves LOMAC's protective functionality and makes
LOMAC easier to use. The 1.1.0 release features restructured system
call argument handling to address the time-of-check/time-of-use
problems present in the 1.0 release, and provides new mediation on
directory modification operations. With the 1.1.0 release, LOMAC's
default configuration allows the mounting of remote NFS filesystems
and the use of SSH for remote administration.
- Tim
I love the idea of any extensions or utilities to improve security or speed, however I don't think there can ever be a one step solution to either of these issues.
I'm currently working on a project that runs on an embedded Linux system and after trying to boost security/speed I've come to the conclusion that the only way to be completely anal retentive about it is to know exactly how everything on the system runs, and then removing/modifying whatever is not needed.
Sorry if this is a bit offtopic but I'm just trying to stress that it's impossible to take a task such as security and place it into the hands of an idiot with a powerful program. Linux users shouldn't think advancements like this will ever eliminate a savvy administrator. Props to NAI for developing a nice set of extensions as well.
The only statement that cannot be questioned, is that every statement can be questioned.
I just wrote a rebuttal to Kurt Seifried's humorous "Why Linux is more secure then OpenBSD" which can be found here.
So here's my two cents to it all. Having used Linux for some years then switching back to the BSD's (started with FBSD, now running Open for my server, and FBSD @ home) I'd have to say Linux is as much of a Joke as Windows is when it comes to security, and no I don't mean to be a troll.
People are forgetting some of the core basics involved with security. Auditing. If core codebase was audited prior to releasing a distribution, you wouldn't have that many security advisories coming forward. Sure the process can become tedious especially when you're in a large network environment, but why should I run an insecure OS then download an add-on solution, when I could just download OpenBSD for hardcore security?
Give me a break sure lomac sounds great so does did bastille, so does SE-Linux but these to me are just patches. I'd rather take a secure by default installation any time.
And oh yea you could respond with limiting services being run, but that still doesn't account for all the patches you have to install because someone just released another advisory for Linux.
Anyways the article I wrote summarizes some good points and weak ones too. kudos
J. "sil" Oquendo
Uncommon Hax0rin6 Methids
Chief Hax0rin6 Office
AntiOffline.com
(security pimps should get a laugh off the sig)
Want Root?
Of course drop-in security seems to be a bit of a holy grail that many companies continue to quest for but never achieve. See previous posts on eLiza (IBM's attempt at self-policing networks) and other such things (there is an idea-- a firewall that talks back to the admin...).
I will have to play with this.
LedgerSMB: Open source Accounting/ERP
The basic NT security *model* is excellent (particularly compared to the Unix owner/group/world model). It is the *implementation* of that model which sucks rocks. If it actually worked as designed, NT's security would be impressive. Compare this to OpenBSD. OpenBSD may be based on a dated security model, but it is a ROCK SOLID implementation of that model. It doesn't take a rocket scientist to figure out which one to use where security is critical.
Oh, come on, it isn't a troll, it is humor! :)
"Your superior intellect is no match for our puny weapons!"
> For all practical purposes, *BSD is dead.
Until of course Debian get around to putting out a BSD based Debian, then I can see a lot of people now using Linux taking up using BSD like myself
meridian at tha.net
It is possible.
1. Remove network card.
2. Carry to wastebasket.
3. Drop it in.
Exactly right... er. I mean. HEY!
"Your superior intellect is no match for our puny weapons!"
I encountered quite a bit of instability (say hello to my friend kernel panic!) running this on 2.2.19 with the openwall patches installed. I don't know who is being naughty, but I'd guess LOMAC since Solar Designer has a reputation for being a wonderful coder. OH... and it fucked up my system so getty thought it was still booting and only root could login. Promising though... when these issues are fixed I'll definitely run it on my server. Good work. I'd like to see this (and ACLs) ported to OpenBSD also... I'm thinking about making an "ideal" armored server for fun next year and these would be cool features.
Oh, so he plays Mao
We just had a debate about this. Some folks say that BSDL is too open, but there's tons and tons of folks who say that only the BSDL is truly free. Well, this is the natural consequence of that freedom; of using BSDL-- someone can relicense your code (hell, they can make it closed source). If you weren't prepared for that, if it's an unacceptable possibility, then the BSDL was not the right license in the first place.
This is much lower-resolution tainting than Perl offers, since entire processes get tainted. This creates a few problems. The designers had to add some gimmickry associated with pipe handling so that you can spawn processes from the shell without tainting the parent shell.
The whole effort is designed to answer the question "Can mandatory security be made liveable?" Highly secure systems with mandatory security have been built, but are painful to use. This system does have some strong properties, and the authors claim it's usable without too much pain. It's thus a good step in the right direction.
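A user-space model of the process-level tainting described in the comment above, added here as an illustration; it is not LOMAC source code. The two integrity levels, the function names and the sample objects are assumptions of this example, the pipe special-casing the comment mentions is not modelled, and the denied write returns -EACCES as the v1.1.0 change list specifies.

```c
#include <errno.h>
#include <stdio.h>

/* Two integrity levels for a low water-mark model (constructed names). */
enum level { LOW = 1, HIGH = 2 };

struct object  { const char *name; enum level level; };
struct subject { const char *name; enum level level; };

/* Read: always allowed, but the whole process drops to the level of the
 * data it consumed. Taint sticks to the process, not to single values. */
static int mac_read(struct subject *s, const struct object *o)
{
    if (o->level < s->level)
        s->level = o->level;      /* demotion: the "low water mark" */
    return 0;
}

/* Write: a subject may not modify an object above its current level. */
static int mac_write(const struct subject *s, const struct object *o)
{
    return (s->level < o->level) ? -EACCES : 0;
}

/* Spawn: the child starts at the parent's current level (model assumption). */
static struct subject mac_spawn(const struct subject *parent, const char *name)
{
    struct subject child = { name, parent->level };
    return child;
}

/* Constructed scenario: a shell spawns a server that reads from the network,
 * then both try to modify a high-integrity file. Returns the server's result
 * and stores the shell's result in *shell_rc. */
static int demo(int *shell_rc)
{
    struct object net    = { "network socket", LOW };
    struct object passwd = { "/etc/passwd", HIGH };
    struct subject shell = { "sh", HIGH };
    struct subject server = mac_spawn(&shell, "server");

    mac_read(&server, &net);      /* server is now LOW, shell is untouched */
    *shell_rc = mac_write(&shell, &passwd);
    return mac_write(&server, &passwd);
}

int main(void)
{
    int shell_rc, server_rc = demo(&shell_rc);
    printf("shell write: %d, server write: %d\n", shell_rc, server_rc);
    return 0;
}
```
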
I just tried using LOMAC on a box that was at a NOC remotely. It locked me completely out of my box, no way of connecting or anything. I'm contacting the NOC at this moment to lead them through de-installation.
This module is not for you unless it'll be used as a workstation which will not run any servers.
US businesses that currently accept chip and PIN/signature
With a machine in the next room that isn't so bad. When the machine is 20 minutes away it can be a pain.
"Now, I hope and pray that I will, but, today I am still just a bill"
Now I hope and pray that I will But today I am still, just a bill
Hi!
:^)
The GPL vs. BSDL debate aside, I'd like to point out that LOMAC does not include TrustedBSD code. However, I've been talking to Robert Watson, TrustedBSD's creator, about porting LOMAC to TrustedBSD's framework sometime after I finish the FreeBSD port. Robert and I both work for NAI Labs; he's presently mirroring LOMAC to help with the slashdot effect.
We'll both be at the Kernel Security Extension BOF at the upcoming USENIX Annual Technical Conference this June. We'll be presenting TrustedBSD and LOMAC papers in the FreeNIX track as well. So, you can come interrogate us there, if you like.
- Tim Fraser, NAI Labs
I just thought it was funny that I work for a company called LOMAC Information Systems. har har har.
Bye.
"The purpose of learning is growth, and our minds, unlike our bodies, can continue growing as long as we live." - M.J. A
This is the same NAI that teamed up with the National Security Agency on SE Linux? Slashdot needs a comedy icon for this story.
4) Remove floppy drive
5) Configure system to boot w/o floppy.
6) Carry drive to wastebasket
7) Drop it in.
Moof!
So this module would do things like make an exploitable bind hole useless? Why not just chroot jail bind and run something like OpenBSD with bind 4 (which is not as nasty as bind 8 and the evil swiss cheese bind 9) ??? Just an opinion :)