Slashdot Mirror
$1.2M DARPA Contract for FreeBSD Security
NAI Labs has been awarded a $1.2 million contract for FreeBSD security development. The main focus for this contract is to develop the TrustedBSD security extentions. The name of the project is CBOSS, (Community Based Open Source Initiative), led by Robert Watson and Lee Badger, and such developers as Kirk McKusick, Poul-Henning Kamp, Jonathan Lemon, and Eivind Eklund will work on it as subcontractors. I am excited over the news; the press release can be found at NAI Labs' CBOSS website.
Cute troll... As a member of the BSD development team, I'd be happy to point out that: a) BSD doesn't have kernel pthread support, they use a Schedular Activation-based model in FreeBSD 5, and a user thread model in FreeBSD 4. b) They don't make people sign NDA's. Amazing how one person can fit so many useful technical words into a comment and have the result being so warped from reality.
Actually, it seems more likely the government is getting a great deal: by making the results open source, they'll get great technology transfer, and the developers do this stuff as volunteers anyway, so they're dedicated to doing it right, and will work outside their normal work day if they need to. It's hard to imagine a better pool of workers :-).
OK people who think it should be OpenBSD and not FreeBSD, you have to understand some basic concepts before you even talk.
/much/ differently then OpenBSD,
/features/. For example FreeBSD has kernel secure levels (-1, 0, 1 etc) that you can set to decide how secure you would like your kernel to operate, for example on higher security levels you can not open up /dev/mem or /dev/kmem for writing and other things, while on lower security levels you can do pretty much what a regulat OpenBSD or NetBSD can do by default.
/very slowly/ and carefully, they are adding TrustedBSD extentions, much improved SMP support (fine grained locking), and Kernel threads all at the same time, so they have to be careful and think before acting/commiting,
FreeBSD approaches security
OpenBSD audits their code and tries to remove every single bug before they release, they also improve cryptography preformance and support alot of ccrypto accelerated hardware, as well as basing much of their security on strong cryptography
FreeBSD, on the other hand looks for bugs and tried to eliminate them of course, but it is not it's main focus, and it is not its appraoch to security. What they do is have alot of security
Second off, Robert Watson (the guy who started TrustedBSD) is a core FreeBSD developer, and his chief job as a FreeBSD developer is security. OpenBSD has their ideas that they put into their OS, and this was just one of FreeBSD's idea's, he decided it would be nice to give FreeBSD Trusted OS extentions so he started developing it, he said many times on the TrustedBSD website that he was a FreeBSD developer and this project was a FreeBSD project, he said he is trying to make it as portable as possible and OpenBSD might be able to adopt it if they choose, but they have showed signed that they do not want to go this route with OpenBSD
So basicly the only reason the TrustedBSD might seem like a seperate project is because they are merging it into the FreeBSD kenrel
TrustedBSD never had a chance at being used on OpenBSD since it was started by a FreeBSD core team member who was in charge of FreeBSD security, and because it was a FreeBSD project all along
So FreeBSD will continue to take the security appraoch of fixing as much bugs as is practical to them, they will probably not spend years going through code looking for bugs like OpenBSD but they will add advanced security features
OpenBSD will probably continue along the same development model they are now with security in the Base system
As far as the port system goes you can't expect FreeBSD to secure every port, there are more than 5,500 piece of 3rd party software in the ports! if you think the program in unsecure don't install it
thanks
-Lional Will
Arrr! I've been trolled!
Anyway, if you have some Public Domain OS in mind, I'd love to hear about it. The BSD license is just about as close to Public Domain as you can get, with the only major restriction being that you can't simply grab the code and claim you wrote it (under the assumption that the other party has never heard of the code before).
So you have to give credit to the people who wrote the code (and not even in your advertising, just in the code itself). What more do you want?
Down that path lies madness. On the other hand, the road to hell is paved with melting snowballs.
I read the internet for the articles.
My question is how is this really different from sudo? I have always thought that the root account (if only used by a very select few) was a good idea. Which security system do you trust more, the one with fewer more restrictive rules, or the one with more rules. It seems to me that as the number of rules increases, the possibility of someone being allowed to do something they shouldn't increases. See Dr. Strangelove.
JET Program: see Japan, meet intere
There was a slash dot article around usenix time saying that openbsd got some money too.
Not even Fortran programmers?
the government should take advantage of and improve public property whenever possible
That's why they're using a BSD licensed OS and not a GPL licensed OS, BTW
"Trusted" is just marketing language and has no official definition. The official definitions, at least for the US government, can be found in the NSA/NCSC rainbow books.
Mea navis aericumbens anguillis abundat
http://www.trustedbsd.com/ TrustedBSD The link was broken when I tried to click it. This is the correct one.
-Tom
--
send all spam to theotherwhitemeat@ropine.com
--
--
Victor Danilchenko
The thing of it is, even OpenBSD does not really have MAC support. You must have fine grained mandatory access control abilities for all parts of an OS if you want it to be secure, and to work well in a security-centric environment. even NT does this (to what level is debatable, of course. :)
I've been watching the various projects looking to develop MAC support for *BSD and I'm glad to see the TrustedBSD project actually going somewhere. I received the announce from them just a few minutes ago, oddly enough- slashdot beat me to seeing it even from them. wow.
Robert Watson knows his stuff, though, so this looks promising. I know I'm looking forward to seeing what they come up with; this seems like a much more sensible development strategy for the DoD, as opposed to funding GPL technologies that leave them hamstrung with distribution and reselling issues. I hope to see more projects like this, and hope that they roll that code back into FreeBSD for all of us civvies to use.
EOM
I wonder why they did not take OpenBSD as the starting point in the first place? After all, what good is some fance capability if you have not audited the framework to start with.
The solution under TrustedBSD is to delegate the root responsibilities to various executables. I'm not sure what this solves if root still has access to these new executables. Any ideas on how this will be accomplished?
The main idea is that you'll have a capability (for example) that says "this user can bind to ports numbered lower than 1024" and all executables that require such privileges will be only executable by that user (or some group, or whatever). If you make enough capabilities at a fine-grained level, then you'll be able to limit root's all-knowing, all-seeing power. Obviously this capability isn't a big one, but it's the only one I can quickly recall.
-sugarescent
Well the TrustedBSD extensions are FreeBSD based, Robert Watson is a FreeBSD developer so this makes sense.
this space for rent
er -- by partitioning scheme, I mean the parceling out of root capabilities to a number of user accounts, each of which is responsible for (and capable of) only a portion of what we think of as root activities, along with the notion of chroot jail to limit file system visibility.
:)
I should read more carefully
Even with sudo, if (by some means, a root kit, say) someone obtains a root shell, the system is at that moment totally vulnerable.
The idea behind the partitioning setup is that each exploit only grants access to a *part* of the system -- specifically the parts that the particular rootlet has access to. Using chroot for servers even partitions the file system limiting visibility to data.
IMHO the idea is a good one. It doesn't even make systems more difficult to setup/administer, if well done.
Hello?
You have "signed an NDA with the BSD dev team"?
How can you sign an NDA with a "core" (note: "core", not "dev") team, for an OS which is open source? That does not make any sense.
What on earth are you talking about? BSD/OS? FreeBSD? Open/NetBSD?
Finally, if there was such a thing as "a longjump right into the kernel" with "full root privileges", this thing would be all over Bugtraq right now... This is BSD, after all. Not some closed-source OS.
I think you may have a little bit of explaining to do...
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Does NAI labs have any connection to Bill Nye the Science Guy? If so, will we soon hear about The FreeBSD OS of Science on PBS?
The shareholder is always right.
Community /.
Based
Open
Source
Initiative (Where is the stupid 'S'???)
Spelling almost as good as
FYI securelevels/fileflags were invented by 4.4BSD - not FreeBSD - and *every* "still living" BSD does have them.
This will hopefully help in several areas, especially insecure third-party applications in the ports collection. Quite often the FreeBSD security team sends out warnings about some ports that have a root compromise but is they implement Manditory Access Controls in a Trusted OS, that should cut back on that big time.
0 50 9.html
.NET to FreeBSD and that if Oracle releases their Oracle client software for FreeBSD, others would follow. It is a solid platform that works very well. The best thing about FreeBSD project is that it is lead by developers, not number crunchers who push out beta code into consumer releases. Perhaps FreeBSD will start getting more credit on it's merits and rise above the buzz that popularized Linux.
Does anyone know much about all of this? From what I have read before, you can limit access of an application using control lists, but since I have never worked on a system with this feature I have no idea what it can do.
Good read...
http://www.securityportal.com/closet/closet2001
Anybody have an opinion on whether corporations would find FreeBSD to be more viable after these features are in the system?
I believe that if Microsoft actually follows through with porting
Linux is also a good OS, but when you have companies like Corel and others packaging any half-baked software projects into the distribution you end up with a dis-jointed environment. The opposite is true for MacOS X. Apple took some Open Source (FreeBSD, OpenSSH, etc) and packaged it with code that they wrote (Aqua, Quartz, NetInfo) to create a complete system.
The fact that Apple should be able to incorporate most of the changes to FreeBSD into Darwin/MacOS X is good news. Apple should add some money to the pot to help take it a little further, perhaps add more more developers and reduce the time it takes to complete some key features.
Brennan Stehling - http://brennan.offwhite.net/blog/
You can tell that it's a mistake in the title - no one writes 12. million. He just hit his 2 before his period. 12 million would be a lot cooler, but they'll take 1.2 million, I'm sure.
F-bacher
James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
- List of gems to find at -1
- *BSD is Dead
- *Linux is Dead (*?)
- First Post
- Hot Grits (Decremented)
- Natalie Portman Naked (Decremented)
Hrmm... this list seems to be shorter than usual.... Well as always I thought I might point out the the "*BSD is Dying post" is the EXACT SAME TEXT as it always is. Do your modding... I don't have karma anywaysRemove *your pants* to send me email.
Mr. Praline : 'Ello. I wish to register a complaint.
Mr. Praline : 'Ello, Miss?
Owner : (turning around, very angry) What do you mean, "miss"?
Mr. Praline : I'm sorry, I have a cold.
Mr. Praline : I wish to make a complaint!
Owner : (hurriedly) Sorry, we're closin' for lunch...!
Mr. Praline : Never mind that, my lad. I wish to complain about this troll, what I purchased not half an hour ago from this very boutique.
Owner : Oh yes, the, ah, the BSD is dead... What's, ah... W-what's wrong with it?
Mr. Praline : I'll tell you what's wrong with it, my lad. It's dead, that's what's wrong with it.
Owner : No, no, 'e's ah... he's resting.
Mr. Praline : Look, matey, I know a dead troll when I see one, and I'm looking at one right now.
Owner : No no, h-he's not dead, he's, he's restin'!
Mr. Praline : Restin'?
Owner : Y-yeah, restin.' Remarkable troll, the BSD is dead, isn't it, eh? Beautiful plumage!
Mr. Praline : The plumage don't enter into it. It's stone dead!
Owner : Nononono, no, no! 'E's resting!
Mr. Praline : All right then, if he's resting, I'll wake him up!
(shouting at the cage)
'Ello, Polly! Mister Troll! I've got a lovely fresh cuttle fish for you if you wake up, Mr. Troll...
(owner hits the cage)
Owner : There, he moved!
Mr. Praline : No, he didn't, that was you pushing the cage!
Owner : I never!!
Mr. Praline : Yes, you did!
Owner : I never, never....
(He pulls the troll out of the cage and screams into its ear.)
Mr. Praline : 'ELLO POLLAAAAAAAY! POLL-EE! POLLY TROLL! WAKE UP!
(He bangs its head against the store counter, horribly hard.)
TESTIIIING! TESTIIIING! THIS IS YOUR NINE-O' CLOCK ALARM CALL!
(He does it again, harder.)
POLL-EEEEEEE!
(He tosses it up in the air and watches it plummet to the floor. Longish pause.)
Now that's what I call a dead troll.
Owner : No, no.... No, he's stunned.
Mr. Praline : STUNNED?
Owner : Yeah! You stunned him, just as he was wakin' up! BSD is deads stun easily, major.
Mr. Praline : Look my lad, I've had just about enough of this. That troll is definitely deceased, and when I bought it not half an hour ago, you assured me that its total lack of movement was due to it being tired and shagged out after a long squawk.
Owner : Well, he's... he's, ah... probably pining for the fjords.
(Praline looks angrily back and forth, stuttering.)
Mr. Praline : PININ' for the FJORDS? What kind of talk is that? Look, why did he fall flat on his back the moment I got 'im home?
Owner : The BSD is dead prefers kippin' on its back! Remarkable troll, isn't it, guv, eh? Lovely plumage!
Mr. Praline : (coldly) Look, I took the liberty of examining that troll when I got it home, and I discovered the only reason that it had been sitting on its perch in the first place was that it had been NAILED there.
(pause)
Owner : Well, of course it was nailed there! If I hadn't nailed that troll down, it would have nuzzled up to those bars, bent 'em apart with its little pecker, and VOOM!
Mr. Praline : "VOOM?"
(Praline puts the cage down and take the troll into his hands.)
Mr. Praline : Look matey, this troll wouldn't "voom" if you put four thousand volts through it! It's bleedin' demised!
Owner : It's not! I-It's pining!
Mr. Praline : It's not pinin,' it's passed on! This parrot is no more! It has ceased to be! It's expired and gone to meet its maker! This is a late troll! It's a stiff! Bereft of life, it rests in peace! If you hadn't nailed him to the perch he would be pushing up the daisies! Its metabolical processes are of interest only to historians! It's hopped the twig! It's shuffled off this mortal coil! It's run down the curtain and joined the choir invisible! This.... is an EX-TROLL!
(pause)
Owner : Well, I'd better replace it, then.
(He disappears behind the counter.)
Mr. Praline : (turning to camera) If you want to get anything done in this country you've got to complain 'til you're blue in the mouth.
(The owner returns.)
Owner : Sorry guv, we're fresh out of trolls.
Mr. Praline : I see. I see, I get the picture.
Owner : (quietly) I-I've got a slug.
(pause)
Mr. Praline : (sweet as sugar) Does it talk?
Owner : Not really, no.
Mr. Praline : Well, it's SCARCELY A BLOODY REPLACEMENT then, IS IT?
Owner : Listen, I'll tell you what, tell you what, if you go to my brother's pet shop in Bolton, he'll replace your troll for you.
Mr. Praline : Bolton, eh?
Owner : Yeah.
Mr. Praline : All right.
(He leaves.)
You give the right to modify /etc/passwd to the passwd program instead of giving it to the user 'root'.
/etc/passwd, it can't even if it has root privileges.
/etc/passwd without the passwd program. That means whatever he does, it will get logged - he of course can't delete the log files even if you have a log rotating program doing cleanups, only the log rotation program can do that etc.
If you then run a daemon as root, and someone finds an exploit in it allowing them to trick it to modify
Even if the hacker finds a root exploit in the daemon, and thus has a root shell, he can't modify
Blockqoth the AC, AKA Lional Will:
Ahem. OpenBSD has runlevels.
It's also best to remember that security is not a feature set, but rather a process and a frame of mind. OpenBSD is designed to give you a platform which gives you a good start for your security process. An OpenBSD system can be made very insecure, and most any other operating system can be made very secure. One of OpenBSD's goals, however, is to make security a bit easier.
Besides, should TrustedBSD turn out to be something worthwhile--and it's rather likely it will--there's an excellent chance it'll find its way into the other BSDs. There's a heck of a lot of cross-polination that goes on in the BSD world.
FreeBSD is very well suited to this kind of research. The other BSDs will benefit, just as all have benefited from OpenSSH, NetBSD's ports....
b&
All but God can prove this sentence true.
Not that I expect an AC to check for replies, but the point is, a corporation can take the software at no cost, but if they develop proprietary software on top of that we run the risk of having their value-added version of public goods supplant our public version of the software in popular usage. I realize that they have added value and deserve compensation for same, but there is no reason they should be allowed to build a proprietary product on top of public work, thereby obscuring all of the public portions of that same work.
I do not have a signature
I think the government should be able to use GPL (especially if there is a GPL piece of software they would like to work with). The original post brought up the point about the government using public money to develop a public resource and likened this to the public parks-- where public money goes to make sure the public has a place to go and do recreational stuff. The only way a corporation can prevent the public from using the park is to buy the park
The problem with a BSD-ish license is that it allows a private corporation to take advantage of a public resource without any compensation to the public. The libertarians (especially those tools that think corporations deserve the same rights as people) will argue that the corporation has theoretically paid taxes and therefore has as much right to the public resource as it needs. But when/if a corporation takes that public good and uses it to further their private development (and does not pass along the public resource in the same form they received it), then they have been given a freebie at the expense of society.
If we are going to give away public resources, we should be aware of it. And personally I'm against it. The GPL makes certain that a public resource remains a public resource, to which all users have the same right of access.
I do not have a signature
I've got no problem with Microsoft selling to Coke or Ford or whomever, but I think the government should take advantage of and improve public property whenever possible. This is the IP equivelent of public parks that everyone can enjoy and share. Instead of using our taxes to further the causes of private companies, we can use our taxes to improve software for everyone.
Uninnovate - Only the finest in engineering.
For everyone who thinks that they should have used OpenBSD, let me give you a heads up. Whenever you see the work "Trusted" in front of an OS name, it means that that version has been officially certified secure both in design and code audits. Trusted is the highest level of security available and is the only type of OS used for high security work. (Think FBI and CIA) Another example besides TrustedBSD is Trusted Solaris.
As for FreeBSD being the base for TrustedBSD, my understanding is that TrustedBSD was started by a branch of the FreeBSD team as thus used FreeBSD. Ok, enough shameless karma horing for today.
Javascript + Nintendo DSi = DSiCade
That sounds a lot like "we're going to work on the easy problems and start writing proposals for more grants."
I've worked on some DARPA grants. "Researchers" seem to expend at least as much effort catering to their project managers and trying to line up their next grant as they do actually taking on the project.
1.2M / 7people / 1.5 years = ~114K per person per year.
It looks like they paid paid their salaries (congrats). I hope they spend more time working on security problems than trying to figure out where the next big DOD grant is.
BSD, Linux... we may be different boats but its still the same ocean. So as a linux advocate, anytime something good happens for BSD or any other Open Source initiative its good for the community. And lets face it, this contract is huge for the community... not so much as in oh, well damn the government is going to fund FreeBSD, but as in the govt is going to fund an Open Source project. This is just another step down the road to general public acceptence... what will all of microsoft's FUD matter if Open Source (Linux and BSD) have the Fed, media and hundreds of thousands of brilliant programmers behind it?
can't sleep slashdot will eat me
We've seen quite a few of them listed in the blurb, but my favorite one is still Matt Dillon.
What a multi-talented guy.
In the introduction white paper section II.b (Fine-grained System Capabilities), they describe the root account as being a significat source of risk (if you're rooted, you're owned). The solution under TrustedBSD is to delegate the root responsibilities to various executables. I'm not sure what this solves if root still has access to these new executables. Any ideas on how this will be accomplished?
UNIX *is* user-friendly. Its just more selective on who its friends are. --Scott Adams
OpenBSD positions itself as a "Canadian" operating system to get around U.S. gov't regulations and the U.S. gov't doesn't like giving anything to Canada (except acid rain and fugitive criminals.)
They offered but Theo had one of his Turette-esque attacks during the negotiations and things went downhill from there.
Easier to convince Kirk to license the BSD daemon for the new $1 bill.