Slashdot Mirror

← Back to Stories (view on slashdot.org)

Protecting System Binaries From Trojan Attack

Posted by timothy on from the matching-game dept.

junyoung writes "Brett Lymn has added verified exec to NetBSD-current, which verifies a cryptographic hash before allowing execution of binaries and scripts. This can be used to prevent a system from running binaries or scripts which have been illegally modified or installed. Verified exec can also be used to limit the use of script interpreters to authorized scripts only and disallow interactive use."

44 comments

  1. Will this really help? by itwerx · · Score: 0, Interesting

    If I'm writing a tool to break into a system which has this capability then I will simply pad my binary to match the size and tweak my code/data areas to be the same checksum.
    Yes it's a hurdle, but methinks a minor one...

    1. Re:Will this really help? by ChadN · · Score: 5, Informative

      "cryptographic hash" != "checksum"

      What you propose is not feasible, if a hash like SHA or even MD5 is used.

      --
      "It's overkill, of course. But you can never have too much overkill." - Anonymous Slashdot Coward
    2. Re:Will this really help? by Alethes · · Score: 2, Insightful

      If it were so easy to modify a working malicious binary to match the checksum/md5 or any other hash, why would it be used so often as a method of file verification? I'm thinking it'd be a lot harder to make this happen than you're implying.

    3. Re:Will this really help? by bootprom · · Score: 2, Informative

      Easier said than done.

      If they use a CRC, it could be difficult to get something to the same checksum. Even if it's only a 32 bit CRC, there are a lot of numbers between 0 and 2^32 - especially when they are the result of some unknown hash function.

      That's not to say it couldn't be done - the idea is akin to the 'The Club'(TM).....

    4. Re:Will this really help? by Anonymous Coward · · Score: 2, Insightful
      If I'm writing a tool to break into a system which has this capability then I will simply pad my binary to match the size and tweak my code/data areas to be the same checksum.

      Yes it's a hurdle, but methinks a minor one...

      Well, it would appear to be the case at first glance, but you have to remember that cryptographic hashes are designed to solve exactly this problem. It is much more difficult than you think.

      Or perhaps better stated: show me the code.

    5. Re:Will this really help? by blymn · · Score: 1

      Ummm *hello* is does actually say "cryptographic hash" in the article there. The fingerprint is either a md5 or a sha1 hash not a simple checksum. Though you could add a checksum method if you wanted a smoking hole in your foot.

    6. Re:Will this really help? by Anonymous Coward · · Score: 1, Informative

      It is. MD5 or SHA1 choice on a per-file basis. With the ability to add other algorithms as required.

    7. Re:Will this really help? by Anonymous Coward · · Score: 0

      Hashing function does not change the number of numbers between 0 and 2^32 ;-) Searching this space is trivial and can be done pretty quick (in a matter of hours). I really hope it's not *any* 32-bit checksum or shortcut.

  2. *BSD is dying by Anonymous Coward · · Score: -1, Troll
    It is official; Netcraft now confirms: *BSD is dying

    One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming close on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

    You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

    FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a cockeyed miracle could save *BSD from its fate at this point in time. For all practical purposes, *BSD is dead.

    Fact: *BSD is dying

  3. BSD Innovation by Alethes · · Score: 2, Interesting

    I'm not a big fan of BSD licensing, but I will say that I am impressed with the level of innovation that occurs in the BSD world. The ports system, foreign binary support and now this are all examples that really tend to make me see this community as leaders rather than followers in the OS world.

    1. Re:BSD Innovation by Anonymous Coward · · Score: -1, Troll
      What We Can Learn From BSD
      By Chinese Karma Whore, Version 1.0

      Everyone knows about BSD's failure and imminent demise. As we pore over the history of BSD, we'll uncover a story of fatal mistakes, poor priorities, and personal rivalry, and we'll learn what mistakes to avoid so as to save Linux from a similarly grisly fate.

      Let's not be overly morbid and give BSD credit for its early successes. In the 1970s, Ken Thompson and Bill Joy both made significant contributions to the computing world on the BSD platform. In the 80s, DARPA saw BSD as the premiere open platform, and, after initial successes with the 4.1BSD product, gave the BSD company a 2 year contract.

      These early triumphs would soon be forgotten in a series of internal conflicts that would mar BSD's progress. In 1992, AT&T filed suit against Berkeley Software, claiming that proprietary code agreements had been haphazardly violated. In the same year, BSD filed countersuit, reciprocating bad intentions and fueling internal rivalry. While AT&T and Berkeley Software lawyers battled in court, lead developers of various BSD distributions quarreled on Usenet. In 1995, Theo de Raadt, one of the founders of the NetBSD project, formed his own rival distribution, OpenBSD, as the result of a quarrel that he documents on his website. Mr. de Raadt's stubborn arrogance was later seen in his clash with Darren Reed, which resulted in the expulsion of IPF from the OpenBSD distribution.

      As personal rivalries took precedence over a quality product, BSD's codebase became worse and worse. As we all know, incompatibilities between each BSD distribution make code sharing an arduous task. Research conducted at MIT found BSD's filesystem implementation to be "very poorly performing." Even BSD's acclaimed TCP/IP stack has lagged behind, according to this study.

      Problems with BSD's codebase were compounded by fundamental flaws in the BSD design approach. As argued by Eric Raymond in his watershed essay, The Cathedral and the Bazaar, rapid, decentralized development models are inherently superior to slow, centralized ones in software development. BSD developers never heeded Mr. Raymond's lesson and insisted that centralized models lead to 'cleaner code.' Don't believe their hype - BSD's development model has significantly impaired its progress. Any achievements that BSD managed to make were nullified by the BSD license, which allows corporations and coders alike to reap profits without reciprocating the goodwill of open-source. Fortunately, Linux is not prone to this exploitation, as it is licensed under the GPL.

      The failure of BSD culminated in the resignation of Jordan Hubbard and Michael Smith from the FreeBSD core team. They both believed that FreeBSD had long lost its earlier vitality. Like an empire in decline, BSD had become bureaucratic and stagnant. As Linux gains market share and as BSD sinks deeper into the mire of decay, their parting addresses will resound as fitting eulogies to BSD's demise.

  4. *BSD is dying by Anonymous Coward · · Score: -1, Troll
    It is official; Netcraft now confirms: *BSD is dying

    One more crippling
    bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD
    market share has dropped yet again, now down to less than a fraction of 1 percent of
    all servers. Coming close on the heels of a recent Netcraft survey which plainly states
    that *BSD has lost more market share, this news serves to reinforce what we've
    known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by

    failing dead last in the recent Sys Admin comprehensive networking test.

    You don't need to
    be a Kreskin to predict *BSD's
    future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't
    be any future at all for *BSD because *BSD is dying. Things are looking very
    bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red
    ink flows like a river of blood.

    FreeBSD is the most endangered of them all, having
    lost 93% of its core developers. The sudden and unpleasant departures of long time
    FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point
    more clearly. There can no longer be any doubt: FreeBSD is dying.

    Let's
    keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there
    are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of
    OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are
    about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume
    of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put
    FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 =
    36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.



    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out
    of business     and was taken over by BSDI who sell another troubled OS. Now BSDI
    is also dead    , its corpse turned over to yet another charnel house.

    All major
    surveys show that *BSD has steadily declined in market share. *BSD is very sick and
    its long term survival prospects are very dim. If *BSD is to survive at all it will
    be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a cockeyed miracle
    could save *BSD from its fate at this point in time. For all practical purposes, *BSD is dead.


    Fact: *BSD is dying

  5. *BSD is dying by Anonymous Coward · · Score: -1, Troll
    It is official; Netcraft now confirms: *BSD is dying

    One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming close on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

    You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

    FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a cockeyed miracle could save *BSD from its fate at this point in time. For all practical purposes, *BSD is dead.

    Fact: *BSD is dying

  6. *BSD is dying by Anonymous Coward · · Score: -1, Troll
    It is official; Netcraft now confirms: *BSD is dying

    One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming close on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

    You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

    FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a cockeyed miracle could save *BSD from its fate at this point in time. For all practical purposes, *BSD is dead.

    Fact: *BSD is dying

  7. User friendly Palladium ? by Nicolay77 · · Score: 5, Interesting

    I've always thougth since the invention of Palladium and al RIAA stuff that the way it can be avoided is to make something better, more secure, and way more userfriendly.

    This looks like a good step in that direction. Yes, it's no the same, but that's exactly the point.

    --
    We are Turing O-Machines. The Oracle is out there.
    1. Re:User friendly Palladium ? by stevef · · Score: 4, Informative

      This is solving a different problem. The purpose of this is to prevent programs that the computer owner doesn't want to be executed. Palladium and that ilk aim to prevent programs that the entertainment industry doesn't want to execute.

      Although, when/if this is presented as an alternative it will be interesting to see their response as to why it's not sufficient.

      Steve

    2. Re:User friendly Palladium ? by user32.ExitWindowsEx · · Score: 1

      It's not really a different problem; the real difference is that the entertainment industry thinks it owns your PC (Palladium) and the NetBSD devs think you own your PC (this).

      --
      "Evil will always triumph because good is dumb." -- Dark Helmet
  8. Re:BSD license is -good- by Anonymous Coward · · Score: 0

    how can you -not- be a fan of BSD licensing? You can do anything you want with the code!

  9. this will use new "trusted" CPUs well by Anonymous Coward · · Score: 0

    one TCPA/Palladium enabled CPUs become available this type of thing can be improved upon by storing the allowed executable hash table in memory that is protected from the rest of the system (true immutable data!).

  10. Re: your sig by King+of+the+World · · Score: 0, Troll

    In that case, I live in your butt.

    --
    --Giving to trolls for the benefit of us all
  11. Re:BSD license is -good- by Anonymous Coward · · Score: 0

    Maybe he doesn't feel freedom is worth it if other people get it too...

  12. What about bash? by Vinum · · Score: 1

    Bash is a "interactive" session.. if this is installed you won't be able to login? I am not saying this is a bad thing, I just want to remind people that security is an onion. As long as your system has many layers the hacker has to go through, it will make him cry eventually and find another computer to hack. Nothing is unbreakable by itself, but there is a point to where your computer is more difficult to hack than it is worth it.

    1. Re:What about bash? by blymn · · Score: 1

      If bash has a fingerprint in the list then you will be able to login because it will be able to run. The bit that you have picked up is that you can have, say, a perl script file that starts with #!/usr/local/bin/perl but a user typing /usr/local/bin/perl will not get perl.... this means that you can have verified scripts but prevent the shell interpreter being put to other uses.

  13. Seems backwards by coyote-san · · Score: 5, Interesting

    This seems backwards, with a list of hashes hardcoded into the kernel.

    I gave this some thought a while back, and more from the perspective of the user-space loader, and decided that it made much more sense to compile a public key into the kernel and cryptographically sign all trusted binaries.

    The result is similar - you still have to verify the checksum before you load the file, but instead of having a hardcoded list of hashes that could be a maintenance nightmare you just check the checksum attached to the file itself.

    It would also be easy for the kernel to determine that an executable was signed. Or you could be a bit more intelligent and stuff the signatures within the ELF file as an extension - this would allow you to protect the executable code, yet allow the initialized data (which could contain messages, etc.) to be modified.

    The kernel would then only need to have a few public keys (or certs) - the project itself, an integrator, perhaps a local developer or two. Private keys, needless to say, should never be stored on the system.

    All that remains is monitoring the list of authorized keys. That would be easy to do; I don't remember if BSD has a /proc FS but that's one obvious place to publish it.

    Of course, since this is all blindingly obvious (it has to be, if I came up with it on my own with a few minutes thought) I'm sure that the USPTO has given a patent for it to somebody. Probably Microsoft. :-)

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
    1. Re:Seems backwards by Anonymous Coward · · Score: 0

      This could be implemented as an extension to the current scheme without much difficulty. The code already has the concept of different kinds of hashes, so it should fall in easily.

    2. Re:Seems backwards by Twylite · · Score: 2

      My sentiments exactly :) Promote the system from using a hash to using a MAC, and gain flexibility and simplicity.

      There is also the possibility of increased security: if an attacker finds a way to modify the hash list in the kernel, they could put in a trojan binary, or add a new verified binary. With a asymmetric key MAC system, then can't change the key without invalidation ALL of the verified binaries, which means also changing the MACs stored in/with this binaries. That's quite a bit of effort.

      But this is a great step forward.

      --
      i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
    3. Re:Seems backwards by Twylite · · Score: 2

      Quick addition: this also allows you to introduce new verified binaries into the system without rebooting ...

      --
      i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
    4. Re:Seems backwards by biohazard99 · · Score: 1

      Are *BSD binaries elf or some other format? I know they have ELF compatability layers, but I'm guessing this would be for straight BSD binaries

      --
      Read my plan to save the Bengals
    5. Re:Seems backwards by Anonymous Coward · · Score: 0
      Quick addition: this also allows you to introduce new verified binaries into the system without rebooting ...

      if it's not in-kernel, then where do you store the keys such that the cracker does not get them yet you can add new verified binaries? If it is in kernel and unmodifiable (securelevel) then you must reboot to change and the cracker must reboot to change. you will notice a reboot, yes? but if it is just keys then the cracker has access just like you have access to change those verified binaries and all the checksum verification system does is add a little layer of surmountable complexity and make the system run slower.

    6. Re:Seems backwards by vadim_t · · Score: 1

      I think what the parent means is that you shouldn't keep checksums in the kernel but a public key. It's simple. You put a public key into the kernel and have the private one on a secure computer without network access.

      Say you want to update your server. You put those binaries on a floppy or whatever, take them to the signing computer and sign them. Then you copy those binaries to the server with the signature.

      Since you can't fake a signature the kernel can verify that the binary has been signed by you. If you used the checksums idea you'd have to keep a checksum per file, which probably would require a recompilation and a reboot every time you wanted to update something.

    7. Re:Seems backwards by cbiffle · · Score: 1

      (This is surmised from the e-mail linked from the article, and may be wrong. *grin*)

      It sounds like hashes were used because, while they're a performance hit, they're not -that- big of a performance hit. Evaluating a signature (say, RSA or DSA) is more CPU-intensive than MD5 or SHA1. We're talking an order of magnitude here, maybe more. This would have to be done on each load of an executable, shared library, and shell script. Also, a lot of OSen are still resistant to putting potentially restricted crypto into kernel-level systems.

      As far as placing the signatures into the ELF binaries, the author discusses that in the e-mail and rejects it for two reasons:
      1. Doesn't work for #! shell scripts. A separate fingerprint table does.
      2. Putting the signature in the file still allows the file to be replaced, signature and all. Loading the signatures into a kernel table on boot makes it harder to munge them at runtime. It's not just untrusted executables we don't want to allow -- replacing one trusted app with another (say, ls with rm?) can be just as bad.

      Beyond that, though, I agree -- signed (rather than simply fingerprinted) files could definitely be a good thing, and I'll be watching to see how all this develops.

    8. Re:Seems backwards by matts.nu · · Score: 1

      Evaluating a signature ... would have to be done on each load of an executable

      No, it wouldn't. The kernel should cache the hashes of binaries that have already been verified. So you get the performance hit only once (given a sufficiently large cache, RAM is cheap) per reboot or replaced binary.

  14. interesting to note by Anonymous Coward · · Score: 0

    a local company here in Phoenix, AZ, implemented something very similar. they forked freebsd and called it securebsd.

    problem is, the license they used for securebsd was truly shit.

    http://groups.google.com/groups?hl=en&lr=&ie=UTF-8 &oe=UTF-8&newwindow=1&safe=off&q=securebsd+firewal ls

    first thread ... Re: SecureBSD (Was: Re: Firewalls and the endless story!)

    looks like Darren (in his post) was referring to this very NetBSD feature.

  15. *BSD is dying by Anonymous Coward · · Score: -1, Troll
    It is official; Netcraft now confirms: *BSD is dying

    Still another crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

    You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

    FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

    Fact: *BSD is dying

  16. Hard times for *BSD by Anonymous Coward · · Score: -1, Troll

    So why now? Why did *BSD fail? Once you get past the fact that *BSD is fragmented between a myriad of incompatible kernels, there is the historical record of failure and of failed operating systems. *BSD experienced moderate success about 15 years ago in academic circles. Since then it has been in steady decline. We all know *BSD keeps losing market share but why? Is it the problematic personalities of many of the key players? Or is it larger than their troubled personalities?

    The record is clear on one thing: no operating system has ever come back from the grave. Efforts to resuscitate *BSD are one step away from spiritualists wishing to communicate with the dead. As the situation grows more desperate for the adherents of this doomed OS, the sorrow takes hold. An unremitting gloom hangs like a death shroud over a once hopeful *BSD community. The hope is gone; a mournful nostalgia has settled in. Now is the end time for *BSD.

  17. Re:BSD license is -good- by The+Fanta+Menace · · Score: 1
    how can you -not- be a fan of BSD licensing? You can do anything you want with the code!

    ...and that's possibly the problem. If I write something and release it for the world to use, I want them to give their changes back to the world also. I want it to stay free.

    --
    -- Even if a god did exist, why the fsck should I worship it?
  18. I guess... by Hard_Code · · Score: 4, Insightful

    This raises the constant on the level of security, but not the order of magnitude. From what I read, this just makes it more burdensome on the hacker...it's not actually introducing a new level of security. I suppose this would be good for internet 'appliances' where the access is probably limited to any holes or buffer overflows in web scripting languages. But it seems if one has access to the file system (prerequisite for trojaning anyway) this system breaks:

    "Even if the file did have the same inode if the contents are modified then the fingerprint will not match anyway."

    Huh?? So, the attacker just regens the hash on the trojaned binary and the kernel thinks it is the cached value...am I missing something here? Can one NOT change the cached hash without creating a seperate inode or something?

    --

    It's 10 PM. Do you know if you're un-American?
    1. Re:I guess... by Hard_Code · · Score: 2

      as was suggested in another post, just signing binaries with a kernel key (that the installer generates uniquely! or maybe even regenerate at each boot) seems like a more solid approach (if you can automatically stick these signatures in some binary extension without actually affecting the binary executable content...otherwise it's a mess)

      --

      It's 10 PM. Do you know if you're un-American?
    2. Re:I guess... by blymn · · Score: 1

      Huh?? So, the attacker just regens the hash on the trojaned binary and the kernel thinks it is the cached value...am I missing something here?

      Yes, you are missing something. You cannot "just regen the hash", the list is in kernel and cannot be updated once the securelevel has been raised. The attacker would have to regen the hash, insert it into the list of hashes to be loaded at boot and then reboot the machine. A slightly more difficult task.

      Can one NOT change the cached hash without creating a seperate inode or something?

      The hash is not cached, the comparison result is. If the file is somehow updated then the cached comparison result gets cleared.

  19. How would you do that with a script? by Anonymous Coward · · Score: 0

    How would you do that with a script?

  20. Re:BSD license is -good- by Anonymous Coward · · Score: 0

    Well, okay, I can see why you wouldn't want to BSD-license your *own* code, but you can't have anything against someone elses BSD-licensed code, can you? You're allowed to do a lot with it, including everything that's allowed by the GPL, and more.
    About "staying free", it's true that someone can take BSD-licensed code and make a proprietary product using it, but *the original and free code stays free and available to everyone*.

  21. Rather pointless by Anonymous Coward · · Score: 1, Funny

    Why not do what Redhat does and try to find another 10
    different ways to colorize file listings. Everybody
    knows that only by having the most ways to colorize file
    listings will you actually have a better operating system.
    Nobody cares about how good your tcp stack is or
    if you have a more secure operating system. Its all
    about colorizing file listings.

  22. IT is free. by mindstrm · · Score: 2, Insightful

    The code you wrote is freely available to all.
    Code others make out of it may not be.

    So you want to dictate that only those people who are going to give code away are allowed to modify your code. That's fine, just don't pretend it's about freedom.

  23. more details on verified exec by blymn · · Score: 4, Informative

    For people who want to understand more about what verified actually does, have a look at my home page which has a bit more detail on the philosophy and also a copy of the paper I presented on the subject.