Slashdot Mirror
OpenBSD Gets Even More Secure
Telent writes "As seen in this post by Theo de Raadt, OpenBSD is getting even more secure, working on smashing script kiddies running buffer overflow exploits dead. Tightening PROT_* according to the POSIX standards and creating a non-executable stack on most architectures are just two of the recent enhancements, most of which are in -current now."
I like the way, BSD makes non-exec stack default. I think in the latest linux kernel, you can make it non-exec at compile but it is not default.
Consensus is good, but informed dictatorship is better
One day, Theo is going to decide that allowing people access to the HTTP port of the dist machine is just too big a risk, and OpenBSD really will be the most secure OS there is.
I think BSD will always have its place. It is secure for one thing. And nobody wants a GUI on their servers. Running XWindows can create security holes as well.
Consensus is good, but informed dictatorship is better
Yah, now If only I could run Open BSD on a system with more than _one_ processor. =/
-sithEnder
google cache, in case of server is slashdotted
A few other people would agree that OpenBSD is the most secure OS. Although I'm a Debian user, kudos to the OpenBSD team on their work.
Your hair look like poop, Bob! - Wanker.
X isn't insecure, really... oh wait, is that a window I hear breaking in the background... gotta go...
I don't see how an 85% profit margin makes the oepraing system less secure.
I think its good that organizations such as OpenBSD are taking the initiative to combat DoS/DDoS attacks. I see a lot of companies such as ISS and SecureWorks blowing smoke about "preventing hacker intrusion" when the real threat these days is worms such as Slammer. I really don't know a whole heck of a lot about DDoS attacks, but I've seen a lot of systems crumble under them, even if the os installed on the systems is unaffected. Wonder when Cisco will start doing things like this with IOS? (Unless they already are?) Discussion encouraged.
-===- "Those who would sacrifice freedom for security deserver neither" -===-
This, and other recent, articles about BSD have made me consider giving BSD a test run on one of my computer. It appears to have some interresting posibilities. And it should be worth getting to know better, it could be the right tool (OS) for some types of "jobs".
The problem is always where to start, I assume there is no BSD flavor as easy to install as Mandrake (just to pick one), but then I am a happy user of Debian (2.2) floppy installer. A few hints to start out on, for instance a install/easy of use comparison of the various BSD's would probably be helpful to more than a few readers.
Carbon based humanoid in training.
...Microsoft's goal has been to add more saleable features and more handcuffs for their users. Bill has a moneymaking mania. Then they expect a month of bugfixing to make up for over 100 months of bugmaking.
OpenBSD, on the other hand, probably has 100 months of bugfixing up its collective sleeve. I wonder if they expect that a month of portting applications will make them more popular? (-:
IRL, a month of porting applications would simply mean an order of magnitude more security holes to fix.
Making OpenBSD completely thread-safe in preparation for multi-CPU stuff is probably a steep hill to climb, too. However, the kind of stuff that OpenBSD does well probably means that very few single-CPU OpenBSD machines will be CPU-starved until long after they're disk-I/O or net-bandwidth-saturated. Which means that it makes more sense to cluster than to proliferate CPUs in an already-saturated environment.
Got time? Spend some of it coding or testing
Anyone mind explaining, or posting some links to pages explaining, what stack smashing is, and why an executable stack stops it?
We're not all l33t haxx0rs here...
"Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
I prefer to use BSD (Free* or Open*) as servers, as opposed to Linux.
Why?
If you've ever installed a Linux distribution, you will immediately note the number of third-party libraries and applications installed on a 'base' system. This is frustrating for me, because for the most part I may not want all those extra applications installed, because it clutters up the system, and there may be various vulnerabilities present that I'll be open to.
Instead I prefer to use BSD in these situations, because when you install the operating system, everything with a few choice exceptions (ie, gcc, apache, less) everything is part of the BSD operating system, no third party apps are installed unless you choose to at install time.
So when I install a BSD server, its clean from the get go. If I want bash, I have to install the package. This way I get control over what is on my system, and spend far less time adding what I want, instead of removing what I don't want (in the case of a Linux distro).
I use MacOS X laptop, which is the vision for what I always wanted my linux desktop systems to be. I can play DVD's, get sound working, simple updates, bash, gcc, ircII, web browsers which don't have problems on most sites, beautiful MP3 application, mail, etc.
For me, I don't even bother with Linux except for testing program portability, or for wireless lan-related applications (airsnort).
Man watching 6 MSCE's around a sun box, looks alot like the opening scene's of 2001:space odyssey...
I want it now, but I'd whine if it weren't fully tested. Man, to think I'm doing the "gotta go pee" dance over something like this. I need a life.
We have a lot of single-purpose OBSD boxen here. I like them a lot. Go, team, go!
Say goodbye to JVMs which do on the fly instruction creation. Can this OpenBSD page protect mumbo jumbo be set on a program by program basis?
I never did understand why this particular set of problems was allowed to exist on most x86 UNIX-like operating systems.
It's too bad that they weren't able to completely seperate executable and readable memory, but it's good to see somebody finally taking these problems seriously.
And as a bonus to making the system more secure, these changes will make it easier to debug stack-smashing bugs.
-Mark
Because they're making their OS for profit, and they find they can sell a shitty OS. It costs extra to make it not be shitty, and it's not worth it to them.
Notice that it's apparently worth it to Apple--hence the move to a Unix base. This is OpenBSD; Darwin is based on FreeBSD, right? But maybe somebody will find a way to incorporate these changes into Darwin, or maybe Apple will do it themselves. I would certainly appreciate it if they did.
I found the meaning of life the other day, but I had write-only access.
Theo de Raadt writes:
If you're running a JIT compiler/interpreter or other dynamic code assembly, you sure as hell do.
I can see how you might be able to write dynamically generated code to a page, then turn off PROT_WRITE and turn on PROT_EXEC before jumping to it. However, this is almost certainly two trips into the kernel, each involving tons of permission checking. So performance will likely suffer, which negates the whole point of doing JIT in the first place.
I like his survey of MMU architectures, though.
Schwab
Editor, A1-AAA AmeriCaptions
Anyone know how portable these modifications are to other BSDs, notably Darwin?
I found the meaning of life the other day, but I had write-only access.
It's the difference between love of money and love of your job I suppose. People who are more interested in creating a product that THEY want (BSD developers) are more likely to create a product other people will want. People who are creating a product OTHER people want (as in MS developers making products for their managers' current whims) just won't have the heart for it. Of course... an outright disgust and ditrust of your customers helps create a faulty product as well :\
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
Simple, I think. Because BSD works in security at the kernel level. Look at the levels of paranoia evident in their design... MS had long ignored this, and counted on application security, now they've just started to pay attention, but it comes as terrible palladium.
Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
Ancient and venerable 24-bit CDC 3150 machine in 1970 solved buffer overflow problems by pre-writing return jump to execover (pass control to data area and bang, you're dumped) instruction throughout user space. When you got the dump, the ASCII interpretation was "ojoy". So you got about thirty pages of blue-bar printout saying "ojoyojoyojoyojoy...".
Thou hast damnable iteration, and art indeed able to corrupt a saint - Henry IV, Act I scene II
Theo de Raadt spells his name like i just did, not "DeRaadt" (see article from story). besides, this is blatant troll. mod down.
Oh, they certainly can, even though a closed source model is much harder to be secure, given the smaller test, and development base. The problem is, it's simply not a high ENOUGH priority at most businesses. And why should it be, when people buy for marketing schemes, pretty graphics, and "but I just want my $10 modem to work" stuff.
Security isn't just a unix/windows war though, Solaris has had big trouble with security in the past, and so has IRIX. I haven't heard much about AIX, or HP-UX, but likely those machines wont be used for external servers anyway, so it's not QUITE as big a issue.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
The floppy based install is pretty easy. If you have a windows nt/2000 box, get ntrw.exe and (probably) floppy32.fs. run command ntrw.exe floppy32.fs to create a boot floppy. If you have a weird device, you may need a different .fs file, read the docs...
/tmp, /var, /home, but this is a simple example) The first partition is always / (at least, I can't make the installer do anything else- correct me...) and the next is the swap partition. Something like 2*RAM should do for swap (again...correct me if I'm wrong)
It does put you in a disk partition situation which can freak people out. For your first experiment on a disk with no data you care about, you can tell it to use the whole disk for obsd, and go with two partitions. (many would advise separate partitions for
If you can set up an ftp server, you might want to get the ~120MB (if using X, about half that if not) and put it on a local ftp server. I have found the mirrors pretty adequate, even right after a new release.
Post an obfuscated email and I'll send you a cheat-sheet, with how to do common things that are too easy for the gurus to think of supplying and too hard for a novice like me to figure out. Mostly network stuff.
A nonexecutable stack is no guarantee of safety. Solaris 2.6 demonstrated this here.
-- Good judgement comes with experience. -- Experience comes with bad judgement.
We use p200's with 64 mb ram for dns and web, no problems. We don't get a lot of traffic, true. But we're using something like .5% proc.
The OpenBSD team is a really great group of hard-working coders that don't stop with writing just average code.
This latest security measure goes to show why they're still #1 when it comes to really closing up a machine's holes to prevent abuse and unwanted infiltration into a system.
Unfortunately, they still can't get UltraSparcIII documentation that they need for their project.
I urge you all to contact SUN Microsystems and demand that they hand over the details of the US III series computers.
*nix.org -- Latest article > "Taming OS X"
Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
80 times a minute for over half a day is a little excessive.
:-)
If it was anything under 61 times a minute I'd be more sympathetic.
12 times a minute would be peachy.
Someone set us up the bomb, so shine we are!
I don't think anyone claims OpenBSD is not an innovator. But it really isn't that hard to secure a *nix box from most security breaches. The biggest part is keeping current on patches and staying away from software such as BIND and sendmail. I can still exploit root on an OpenBSD machine with a crappy CGI. If you need to hack the data on a machine, there are low level exploits (though if you have data someone would want to hack, you should be encrypting your filesystems.)
:)
I do admire OpenBSD's approach to software development; it can be called responsible if nothing else. It's just that for volunteers who basically code other *nix OSes, code auditing is not nearly as much fun as porting your OS to a Nintendo.
VMS is probably a close second in terms of security. Its C-2 secure right out of the box. Plus most script kiddies would be left scratching their head trying to use it.
Only the State obtains its revenue by coercion. - Murray Rothbard
I would argue that a JIT compiler isn't a "Normal Unix process", the way that Theo's using the term. A debugger wouldn't be either, among other things.
But your http server, and your inetd, don't need to write code into their own address space...
-Mark
It's has got more to do with priorities rather than budget. Windows was meant to be more of a "user-friendly consumer OS"... Although the security of Windows is at you say not as good as openbsd, I doubt that patching openbsd is at easy as opening the default browser, clicking on the Tools toolbar and click Windows Update.
Not trolling here, just showing another perspective to the issue.
Welley Corporation - SLM Scammers
Most web hosting companies use BSD for shared servers. BSD is more secure.
Most 'Nix desktops and programmer workstations run Linux. Linux is friendlier, has commerical backing, and has a bunch of companies that put it out on "20 minute install and go" distros. Other then that, both operating systems are equal, can perform the same tasks, are flexible, and better then the immoral alternative.
The middle ground is a joyous place. Let's just hope that both projects continue to grow and prosper. Two choises are better then one. Both causes fight for what's right.
I really never understood all of the bickering.
I don't ask for sympathy because I'm ok now...I've "learned my lesson". (The lesson I have learned is that next time don't get caught...j/k)
SIGFAULT
You just have to explicitly mprotect(2) the memory where it happen with PROT_EXEC|PROT_WRITE. The fact that on some OSes it can work without doing that is actually a bug in these OSes.
What the change is doing is the right thing, using a minimum privilege way to achieve more security. If some static code actually contain data that look like machine code it could be executed this wont be possible anymore.
Non executable stack by itself was far from enough as most program have some way of putting things on the heap or elsewere for an attacker and he could jump there instead of jumping on the stack. Coding an exploit for OpenBSD will get real tough now, even if there's an actual buffer overflow.
I often hear glowing praise such as this for OpenBSD. Why do we have two different Open Source groups working at seemingly common purposes? Or is it (for you Monty Python fans) a case of the PFJ vs. the PJF splitters?
Seriously, without MS would there be a reported "shortage of qualified computer personnel"?
If all these exploits are beaten before they are even implemented how will one prove their worth to their employers?
Damn it, I thought that SQL Slammer was a saving grace. We didn't have our servers at sp3 but then again they are behind a dual stage firewall so we had no hicup at all. However, I got the time at work to install patches as a result of the media.
To summarize: don't eliminate vunerabilities because you'll just be eliminating someones job (both the admins and hackers).
[end sarcasm, or my attempt at sarcasm since I haven't seen any around these parts since 1995]
What is done is protecting memory zones created by the linker, mostly memory zone holding constants and static variables, so no there's no executable code in this area.
When you write a JIT you allocate your own memory on the heap and then compile your code there. On order for this code to be executable you have to mprotect(2) the memory zone holding your code with the PROT_EXEC flag, or PROT_EXEC | PROT_WRITE if you want to be able to modify it afterward. Anyway you can change the memory protection at anytime so anything you could do before you still can do.
Secondly, who the hell are you? Stop impersonating me on Slashdot.
--
Theo de Raadt
Founder, OpenBSD project
Clueless : Informed
--
est modus in rebus
During these hostile and trying times and what-not, OpenBSD may your family's only line of defense! Only line of def-def-def...Only line of def-def-de-df-df-df-df!
:-)
Be sure to download the openBSD theme songs if you haven't already.
If volunteers in an open source project can make an operating so secure, why can't a company with a lot more money and programmers not secure their operating system as good?
-Fzz
I guess you could say, we are working on things more significant and important than making sure OpenBSD works on crusty old PDP-8s and Nintendos
:P
Well don't lose sleep over it, I pretty sure NetBSD tied up those loose ends LOOOOONG ago.
Join the TWIT army now!
Don't forget about Mac OS X. It is BSD, but ease of use is an order of magnitude greater than anything else out there.
Someone in FreeBSD and NetBSD with commit priviledges is surely looking at those patches.
The bigger problem is that the principle of least privilege is not adhered to in world of Unix. Programmers will always write bugs and applications will always have vulnerabilities that can be manipulated. Manipulation of services should only effect the service being manipulated, not the whole system. For example, services should have NO access to anything by default. When you install a service you should set up the specific permissions that it requires (this can be made easy - the app, upon install, can recommend the permissions and you can just say, "okay"). If the app tries to do something that it doesn't normally need to do (like access /home/me/mysecretfile), the system should log an access denied message; the Linux kernel right now can't even audit denied access to files! CHUID permissions to deliver mail to people? A much cleaner mechanism is for the mail server to create the files under its own name and give permission to the user to take ownership of the files.
Linux, and Unix in general, tends to have pretty limited access controls. Even with ACL support, the distros still need to ship with restrictive settings and manage them. A lot can be done to provide a framework under which compromises can be limited and can be audited. Right now we don't have that. Without detection and reaction, how do you know that your prevention is effective?
s/Lousy Security/Lousy Interface + Lousy Security/
From the article itself:
[[[
These exploits require a high degree of precision. I've tried to take out most of the guesswork, but there are two things that might cause the exploits to fail. The lpstat and rdist exploits expect certain things to be in the environment at exact locations.
]]]
Probably the best metaphor here is the game Twister. The new work by Theo et al. forces the black hat to put his left elbow on the blue bubble. Sure, he can still do something devious with his right leg. But if Theo keeps dealing out the cards, eventually his bowels will explode.
In constructive software development, the programming cost is widely regarded as exponential in the number of constraints faced. Yet in the popular lore, for a black hat, a sliver of a glimmer of a faint and twisted hope is all in a day's work. This from the lips of the same people who pretend not to believe in Area 51.
For the 64 bit versions all pages have proper rwx permissions applied as specified in VirtualAlloc etc., but I'm not sure if the stack is no-exec by default.
Still, there are bound to be tons of protocol implementation errors that have nothing to do with fixed length buffers :P
1. when you have a technical user base, they can work with the OS w/o breaking it. Then you dont need to make an idiot-proof product 2. when your OS is made as a platform for just about any application, there is a ton more code to work with (and add to, and fix, and improve, etc) 3. when you have 90% of the malicious programmers in the world trying to exploit your OS, there is probably always a problem to work on. So, its easy to complain and criticize someone. Show me a simple problem, and I will show you somebody who hasnt put a lot of thought into how to solve a problem. Because I have yet to encounter any 'simple' technical problems.
Manipulate the moderator system! Mod someone as "overrated" today.
If they'll just get off of their butts and get SMP support, I'd switch all of my servers over to it in a week. Really. It's just too bad that they don't seem to want to support anything larger than a desktop PC.
Wait, my desktop is a dual Athlon. I guess my DESKTOP machine is just too advanced for them. C'mon, Theo, get it together.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
Well, like I say, there is nothing more American than a good ol' fashioned double-standard.
Manipulate the moderator system! Mod someone as "overrated" today.
OpenBSD, and BSD in general is so much more secure than any version of Windows, it's laughable to even compare the two. This isn't about tightening up their own code, this is about tightening their code to prevent poorly-written 3rd-party applications from becoming launching platforms for attacks against OpenBSD machines. Microsoft's main problem with security isn't 3rd part apps, it's the millions of lines of unsecure and buggy code in highly integrated applications such as Internet Explorer and Windows Media Player.
To compare this to Trusted Computing is like comparing apples and black holes.
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
Forget about security through obscurity, this is security through paranoia. Sometimes, it is justified.
Will W^X disable all runtime decrypting/decompressing binaries? It seems to me that these features prevent burneye and/or UPX style binaries. Thoughts?
Chris
If you really want security, go and buy OpenVMS!!!!
Good point about success measurement. OpenBSD was also the project that gave us the widely used OpenSSH. OpenBSD may not get the commercial backing Linux does, but it's still an important project which has produced features and ideas that other projects now benefit from as well.
putfwd.com - 1GB Free file storage with a twist
Lets ignore the fact that MS basically put ALL their products on hold to do this, and released a swarm of patches to fix problems they found.
;-)
Not very effective were they?
A swarm of patches that Microsoft itself can't patch its own computers?
For some years, OpenBSD has had the annoying habit of closing holes about six months before the exploits are discovered. It's called being proactive
Number two, I'm guessing, is that these are apparently fairly new ideas, so the Windows guys might just not have thought of them. Or, if they did, they might have incurred more of a performance hit than Microsoft was willing to take. Or maybe doing it under Windows would have required a complete recompile of all Windows applications. There are many possibilities.
--AC
MS nominally put their products on hold for a month, but that is all. The OpenBSD design philosopy is paranoid - Microsoft need to have the same for their core components, and to make sure that other layers can't just quietly bypass security measures for performance.
A fast webserver doesn't really do you much good if it is 0wn3d by some H4k0rz. The wird thing is that the underlying security mechanisms (identifiers, rights and objects)in NT/2K are really quite good. Regrettably, usability sucks and support for the security mechanisms by applications (especially Microsoft's own) was non-existant. Once you have busted an app with "Functions as part of the operating system", you own the kernel.
Personally, I believe in plurality and I like spreading an app between different Linux dists, FreeBSD or OpenBSD. I would also include Win2K on thatm except that essentially you pay based on connections, which can make it really pricey. However, the idea is that one system may be broken into, but not all.
Facing the external internet though, I still prefer OpenBSD.
There's a general consensus that it's an excellent server, especially for anything in a DMZ/outside firewall. A minority use it for workstation. It'd be a pretty secure workstation, though. I've not taken it that far.
The hell you can! Apache is running as a normal user, and is chrooted. In addition, systrace is quite popular, which could be used to stop even horrible applications which reqire root access from being exploited even in case of serious bugs.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
BSD has no,zero,zilch worthwhile security.
;)
If it does, then how did Theo crack the system in the Nakatomi building? If BSD had been secure, John McClane never would have had to take on those criminals by himself.
Winky added for the humor impaired.
I belive it was BSD 9 in a screen shot of the computer. After much deliberation, I have decided NOT to play Die Hard to be sure that was the correct version that was displayed.
The Kruger Dunning explains most post on
"Windows was meant to be more of a "user-friendly consumer OS"."
that is no reason for it, that is just an excuse.
Windows is written to meet demand, not to exceded it. It could be secure, but they really don't care.
There starting to care, unfortunatly they would have to do a real redsign from the ground, by people who where experts, and had never seen any other windows code.
Do you think Car companies would care about safety if you were forced to sign a waiver and couldn't sue them? Hell, you'ls be lucky if the brakes worked after a month.
I'd rather hace to do an update once in a while by hand, then an update every couple of months with push button convience.
The Kruger Dunning explains most post on
Thank you OpenBSD!
Cleara
On Intel processors, read- and execute-permission for a memory page is only one flag. For this reason, if you make the stack nonexec on Intel machines, the cpu will have to do a lot of context-switching, because all the protection faults that occur when an application tries to read from a non-exec page need to be handled by the OS kernel.
On SPARC, Alpha or POWER CPUs there is one flag for the read-permission and another one for the execute-permission.
To prevent exploitation of buffer overflows, I believe that we simply need much better hardware.
For example, IBM's AS/400 has Hardware pointer protection. It is absolutely impossible to fake certain types of pointers on the AS/400, because the CPU will recognize when a pointer has been overwritten due to a buffer overflow.
That's how REAL bufferoverflow-protection works. If you just make dataregions nonexecutable, you can still parameterize some kind of library function (how about execve()?) and make the vulnerable program jump into the codesegment to execute the library function with the parameters specified by the attacker.
AS/400s simply 'abuse' one bit in the ECC code as a flag for marking valid pointers.
For every 64 bits in RAM there should be 1 flag bit, which tells the CPU whether the data in memory is a valid pointer or not.
An instruction like LEA (Load effective address) should then implicitly set the flag, and instructions like MOV (Move Data, actually a copy instruction) should always clear the flag.
If a RET (return from subroutine) instruction tries to load an unflagged (=invalid) pointer, the CPU should trap to the OS kernel.
For legacy application, that are too damn stupid to use pointers in a correct way, a privilege could be added to the OS kernel to allow an application to use even invalid pointers.
Furthermore, read- and execute-permission should be separate flags and all stack- and heap-pages should be nonexec by default.
Gosh, don't you just hate that? I do too, that is why I only run my servers off the Debian root floppy. With five virtual terminals, who needs a base system or other stuff from "third-parties"? Why should I let this GNU stuff get between my server and pure Linux kernel goodness?
Joke over. Here is a little story about the development of BSD. It kind of looks like other free software develoment, where lots of "third-parties" throw in their useful contributions. I'll admit that some distros are getting a little bloated but that's no reason to be nasty about things. OpenBSD is a nice, easy to use and secure dist.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
can't install it on my main production servers. Why? Because it STILL does not have locales. And without locales cyrillic doesn't work in mysql, zope and other applications :( OpenBSD makes a great private net forwarder in remote locations tho.
"
but likely those machines wont be used for external servers
"
is a bit of a red herring. To be secure a server has got to be secure against rogue internal clients too. Do you trust every X client to be able to handle rogue events from every X server? There have been some pretty shoddy X servers out there, particularly in the Windows desktop world, and I certainly wouldn't trust them.
YAW
Your head of state is a corrupt weasel, I hope you're happy.
Too bad the Open Source community has no equivalent...
May we never see th
Well, up to the point of thousands of testers, windows has a better market, but it's only because windows is so popular, not because it's a closed source project. Back when linux 2.4 was being worked on, there were literally thousands of people testing it, including people with skills. Probably over half of microsoft's "beta testers" were just in there to get a cheaper copy of the full version.
:-)
And, as far as users go, it's even worse. With so many people just using MS Word, Outlook, IE... Oh wait, Microsoft STILL hasn't got any of those programs secure.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Trusted Solaris
andPit Bull from Argus Systems
IIRC, these are more common Un*ces that are patched to provide "capabilities" - that is, instead of the root being the one-size-fits-all user that has enough privileges to get anything done, different kinds of access are broken down so that if a running program getw 0wned, it limits the damage.
Theo's answer to that probably would be, "code it right in the first place and it won't GET 0wned!!!", which is a valid point, the devil (no pun intended) is in the details.
BTW, I first came across EROS comes from Alan Cox in an interview with Robert Metcalfe a few years ago (remember the "Open Sores" series of articles? Great trolling, Bob!), in response to a question of what he thought was going to be the next big thing after Linux. He was impressed with the response (having previously accused Linux-y types of monomaniacal zeal), but it didn't overturn his opinion at the time that Linux was doomed. Oh well. (This comes to you courtesy of the similarly fated Internet.)
It would help if they stopped IRCing from their CVS repository machines. That may not make their code more secure, but it will help keep the back doors and trojans out.
I am constantly amazed that people who commit this kind of beginner's mistake have the gall to call their software "secure". And then they ship sendmail and BIND with it. ROTFL
And then they ship sendmail and BIND with it.
The BIND that comes with OpenBSD is an audited V 4.x IIRC. That should suffice for many many users, those that need 8.x or 9.x can find it them the ports tree. The sendmail is locked down as well and doesn't accept connections by default.
Nice FUD otherwise.
Trolling is a art,
I think finally I am gonna try OpenBSD. Does anyone know what hardware requirements it has
Currently supported hardware can be found here. Enjoy, it's a damn fine OS.
Trolling is a art,
I was thinking about this on my drive into work this morning, and I came to the conclusion that what we need to do is to change the C style stack usage to use two or three stacks.
Consider: C uses the stack for three types of information: call/return information, parameter passing, and local variable storage. I assert that this is the cause of most of the stack problems in C - you are using the same thing for three different needs.
Let me discuss each of the three uses in turn. I will use x86 terminology for this discussion because that is the primary architecture used for Linux and because that is what I am most familiar with, but you should be able to generalize my points without much problem.
First, you have the call/return stack. This needs to the be CPU stack so that normal CALL/RET operations work. The only things that should be stored here are the actual return addresses, as well as possibly register saves (esp. for interrupt routines). However, in a unified stack design it is possible for the bad guys to modify the return address. Thus, even in a non-executable stack environment I can still change the return address to point to a function, say exec().
Second, you have the parameter passing stack. Ideally the only thing on this stack would be parameters passed down to the function from the caller. However, in a unified stack design, I can modify this stack to contain data - thus I can create a pointer to the string "/bin/bash" on the stack. With this and with the call/return modification above, I can cause the current function to "return" to exec(), with "/bin/bash" as the arg. Boom. Remote shell.
Third, you have local variable storage. If this space were seperate from the other two stacks, then overflowing a local buffer, while still bad, would not be able to modify the return address nor would it be able to create parameters. Ideally, every subroutine would be given its own sparely mapped local space - thus boundary errors would likely throw a page fault (granted, the cost of setting such a mapping up for each subroutine call would be prohibitive, so it is unlikely to happen without some form of hardware acceleration. Perhaps a low/high limit register could be added to the various index functions, such that an access relative to EBP, ESI, EDI would fault if it went out of range.)
However, consider just seperating the stack into three areas, widely seperated. ESP would point to the hardware stack. EBP to the local storage area, and ESI to the parameter block (with EDI pointing to "this" for C++). Now, a bad programmer has a buffer in local storage and doesn't range check it. A would-be exploiter still cannot modify the return address nor can he modify the parameter stack. The most he could do would be to hose the local variable storage (granted, that might still allow him to corrupt the local vars for some other function and perhaps get an exploit that way, but it would be even more difficult).
Granted, to do what I just suggested means throwing out *all* standard libraries, tools, compilers, and so forth - I am not actually suggesting that the x86 family do this! However, for new architectures like Sledgehammer et. al, this might be the time to make such a break.
www.eFax.com are spammers
OpenBFD
PegQuin--I've got a sneakin' suspicion
Moderations: 40% Flamebait, 20% Insightful, 30% Funny
I guess it was humorously insightful flamebait...
The other 10% was "Underrated" or "Missing"?
Norris/Palin 2012
Fact: We deserve leaders who can kick your ass and field dress your carcass.
I can still exploit root on an OpenBSD machine with a crappy CGI.
/var/www] (httpd)
Really?
www 2224 0.0 0.0 1188 1760 ?? Ss 7:01PM 0:02.24 httpd: parent [chroot
But it doesn't run as root and it's chroot'd...
Good luck getting root!
I think by far the easiest way to mitigate the security nightmare that buffer overflows represent is to use LIDS (www.lids.org). Buffer overflows would not be the huge problem that they are if you didn't have daemons running with all of the privilidges of the root account.
/usr/sbin/httpd the ability to bind to port 80, and no other root powers.
LIDS lets you strip away all of root's power, until it is no more powerful than any other normal user account, and add individual capabilities back to particular programs, like giving
Now, buffer overflows are still a problem in that you can crash a daemon, but they would not be the security disasters they currently are.
What I like the best about LIDS is that is sits on top of the existing Linux security mechanisms so nicely and doesn't do violence to them. You can turn off LIDS when you need to install new software or want to test something without having to figure out a whole new ruleset. You just disable it, do your testing and reconfiguration, then reenable it before you go back into production mode.
I doubt that patching openbsd is at easy as opening the default browser, clicking on the Tools toolbar and click Windows Update
Right you are, and as you say, it does have more to do with priorities, not only with the manufacturer, but with the end-user. There are very few people I know of who even realize that security is an issue to be aware of. As mind-numbingly easy as Windows Update is to use, I've tried and tried to get everyone I know to simply click on Windows Update once a week. Nobody does it. Same thing with antivirus software - they just won't do it.
-- Never hit a man with glasses. Hit him with a baseball bat.
I like my women how I like my sugar.. granulated.
"Windows was meant to be more of a "user-friendly consumer OS"."
that is no reason for it, that is just an excuse.
Sorry, but I really think that's a knee-jerk reaction to the issue. I don't want to get on a soapbox to defend Microsoft, but part of MS's goal is, in fact, to meet market demand.
Chevys and Rolls Royces are aimed at different markets; that doesn't make Chevy's relative lack of reliability an "excuse." It's a trade-off, and the market chooses what to pay for and what not to.
Yeah, MS is in a bad technical corner because in order to meet market demand they've had to maintain compatability with older software components that were never, ever intended to be put on a public network. I certainly wouldn't call that merely an "excuse." If they pulled all that compatability stuff out, who would buy it? How many people here can name GREAT products that failed - and now don't exist at all - because of the market?
Sidenote: I think often about how when Jimmy Carter was President, he wanted to invest significant money in researching alternate forms of energy: solar, wind, etc. He was criticized and ridiculed. Decades later, Americans still drive gas guzzlers. Our petroleum-based lifestyle (read: desire for ease of use) has helped create a political situation (and a security situation) that makes us resent and fear some of the very people we are now highly dependent upon. And we may go to war because of it.
Seems to me the root of the problem is way too big for even Microsoft to be able to take all the blame.
openbsd idea doesn't look very original, try to look at http://pageexec.virtualave.net/ , you'll find something similar developed over a couple of years. granted, it's for linux and x86, but sparc64 port should be ready soon. it is a substantial part of http://grsecurity.net/ . openbsd lacks a lot of features, that's why it's suitable only for a few specific tasks.
Anyone with a brain can see there is nothing MS can do about bad programming that third party apps do.
so go scoff at something you know something about. BSD also doesnt have the ability to run 99% of the software that Windows can. Makes it much simpler to maintain, doesnt it?
Manipulate the moderator system! Mod someone as "overrated" today.
I should make my sig "Slashdot: News for Linux, complaints about Microsoft, Stuff that is irrelevant (unless you use Linux, Mac, BSD, etc)", because that is what this place basically is.
Oh well, I guess there is nothing more annoying to a hypocrit than having someone say "Youre a stinkin Hypocrit".
Have a nice day.
Manipulate the moderator system! Mod someone as "overrated" today.
Lets all get one thing straight- the only secure computer is one that is turned off in a locked room. ALL the OS's out there basically suck. Some may just suck a bit less.
If you think about it, MS is in a difficult position- they cant have non-technical (or the hordes of fake technical) people complain that things wont work, they have to provide a platform that is easy for other companies to write programs for, and they have to make everything secure.
ANY security decision requires a restriction on ease-of-use. This is true of door locks, automobiles, computers, telephones, etc. I will admit, and even complain, that a lot of things that MS has implimented were cludgy, based on old crappy politically contrarian past decisions, but MS has done more to innovate computer usage in the last eight years than ANYONE else.
Can someone get some stats on computer sales before and after the release of Win95? This was truly the first OS to tie it all together. Was it perfect? No. But its easy to sit here in 2003 and knock the decisions made in 1995; we learned the lessons from things that they pioneered.
Is MS perfect? No. But two friends of mine went an got jobs there, and they were basically two of the best computer people I have ever met. And also, the MS people that I occasionally meet in my job are likewise very hardworking, knowledgable people.
So sit in your chair with your attitude of inflated superiority. Its probably the only thing you have. I personally think its rude to knock people who have a tough job, and are doing very well at it.
Manipulate the moderator system! Mod someone as "overrated" today.
... because 'secure operating system' is qualitative, and 'lot money and programmers' is quantitative (one million monkeys ... typewriter ... you know)
If OpenBSD had as many serious security patches as Windows, somebody would probably get around to writing something like that :-). Then again, if it was as buggy as Windows, it wouldn't be OpenBSD.
Redhat has their RedHat Network which does easy updates. I have my own package that I use instead (mostly 'cause I'm used to it). If I'd wanted to, I could probably modify it to work with openSSh but, so far, it really hasn't been worth it (my OpenBSD box is used as a firewall, so it has a lot less loaded on it to begin with (on a 500MB disk) -- thus a lot less to patch.
When playing with servers, patching a system is often much more than just blindly installing the latest patch. (especially with windows). One also has to check to make sure that the patch doesn't also break something critical. From an operatonal point of view, there isn't much of a difference between a system brought down by the most recent worm and one brought down by the most recent patch.
Of course, unlike the Open Source world, you almost never have the option of back-porting the most recent patch to your system if the 'product updates' included with a patch break your software. (actually, acording to the most recent M$ EULA, you may not even have the right to wait until you can fix your software to survive the latest patch).
OS Software is like love: The best way to make it grow is to give it away.
typedef u_int32_t uid_t;
% uname -mr
3.2 i386
OpenBSD does support 32 bits UIDs and always has. off_t is 64 bits and always has too. Linux is the OS with grow problems, decent OSes are sized correctly from the start.
On one hand, there were... how many million lines of code in Windows at last count?
On the other, a heck of a lot of `Linux' stuff recompiles painlessly for any of the BSDs. All OpenBSD really needs is a nifty installer - and it could borrow one from Debian, soon.
Got time? Spend some of it coding or testing
However, a non-flat address space doesn't play nice with traditional kernal designs, and to the best of my knowledge no one has ever actually implemented the type of operating system that x86 was designed to support.
For that matter I doubt you could hack me through the CVS version of IrcII-EPIC even if I were running as root, and I'm running gentoo linux, not even openbsd.
Remember, OpenBSD isn't just about avoid remote root holes, they fix local ones as well. Fixing local holes means that even if you do manage to execute commands through someone's irc client you still are unlikely to be able to root the system.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This was one thing when an OS cost $50, but it isn't really excusable when you have a $5000+ system.
I know how it happened, the engineers were told to go off and produce wonderous things but there was no overriding concept. Once those things were produced they had to have the software equivalent of a file and hammer to fit them together.
Did MS innovate? Well no not really. A lot of what MS came up with is based on technology acquired from other companies. Some of the stuff they have produced has been very good, i.e., the Win2K kernel, but there is a lot of rubbish around it that isn't. It is that rubbish, incidentally that is hard to configure and either crashes or lets the intruders in.
I have worked on some big closed source projects, one as big as Win 2K with over 30 million LOC in the backend alone. It works quite well and is quite secure, despite being written in a hodge-podge of languages and having spanned 5 architectures. It just takes a lot of work and something called QA.
Lastly, I don't have a chair of inflated superiority because I don't dance in the clouds with the developers. I generally end up with my feet firmly on the ground having to work with the things and to promise clients that they are not going to be down. I don't really care about what is put in front of me, but I prefer it when I can look at the source to figure out why it is going wrong. MS is at a disadvantage there.
Because if the typical Slashdot reader doesn't know the difference between an adjective (good) and an adverb (well), just how dumb must Microsoft employees be?
Scott Kamp
Founder The MicroBSD Project
We have been perusing the OpenBSD mailing list, and also an article found on deadly.org pertaining to the newer security features in OpenBSD. While alot of the features are new to OpenBSD, they are not new to BSD itself. The MicroBSD project integrated stack-protection into its 0.1 release back in 2001. The integration was done by Hiroaki Itoh on our servers in early 2001. While we have tried to clear the record and provide the correct information to the BSD users, both through www.deadly.org and slashdot.org the submitted
articles were rejected. A direct email from the deadly.org site quoted it as sheer flamebait,and untrue.
Well,we know differently and intend to only set the record straight. This almost seemed as
though MicroBSD information was being censored, yet the clear facts still stand as they are.
When it comes to "Stack Protection" capabilities we not only released it in MicroBSD 0.1, we were the first BSD to do so. We are not looking to start a flame war, but the acceptance of truth and the reliazation that OpenBSD is not the forefront of certain capabilities and technologies. And there are others with "Vision". The article which includes an email that was posted to the OpenBSD misc mailing list. Specifically the context thereof containing these two phrases
"The most amazing thing about this new buffer overflow stuff is that it appears noone in any other project has commented on it in a public
mailing list anywhere. Eerie silence."
"I don't know about how you guys view that, but to me it is pretty depressing that none of these other projects (or their users) see the
impact and import of these changes; that indicates a large lack of vision."
New, maybe to OpenBSD itself. But not to the BSD world overall. Im not looking to start a flame war or anything here, but the MicroBSD project at
http://www.microbsd.net is actually the first BSD based system to integrate the ProPolice work into our tree over two years ago. I myself had this stack protection code integrated by the author of the code on my systems in 2000 which was integrated in the MicroBSD 0.1 release. Yes, We forked OpenBSD, Theo and the OpenBSD group have done a wonderful job,as have the rest of the
BSD groups and we have coat tailed a bit, but we are growing from a core team of 6 people to a larger group. We will continue to integrate the Best Features from all the BSDs and share the code as we have done in the past, like CGD from NetBSD,
and porting Jail from FreeBSD, along with Features not found in any other BSD but MicroBSD so far. We had FreeBSD/OpenBSD stack protected systems in
2001 and believe we were the first BSD to integrate the code.
OpenBSD the first... No, just a larger project with a larger user base and more exposure. We just wanted to try to contribute. I think the quietness of everyone is due to this not being "new", maybe new to OpenBSD, but not new over all. All the BSDs have a reason to be there, and hopefully through time we will become known as such also. This is just my rant/thoughts on the www.deadly.org post and the mailing list traffic.
Free means no restrictions, ironic the FSF's GPL forces restrictions, isn't it? What's your definition of free?
Wrong. There are several convergent efforts to build a simple, clean GUI installer for Debian along the lines of Mandrake's (have you tried Knoppix? That's Debian. And if they dither about it, I'll port Mandrake's installer myself!). The Debian system includes FreeBSD as one OS core (along with the GNU Hurd), so it would be close to trivial to include OpenBSD.
Got time? Spend some of it coding or testing