Trusted Debian v1.0 Released
Peter Busser writes "The Trusted Debian project releases its first official release, v1.0. Its main focus is solving most (but unlikely all) buffer overflow problems. It features PaX, a kernel patch which does several things. It tries to keep code and data apart, it randomizes stack, code, heap and shared libraries, it does strict mprotect() checking and it also protects the kernel. Trusted Debian also uses the stack protector patch for GCC developed by Hiroaki Etoh at IBM, which adds overflow checks to C/C++ code. It also features FreeS/WAN and RSBAC, an extensive access control framework. More information is available from the website. There is also a demonstration available for the special capabilities of this release."
No remote holes in three minutes will be the new slogan of the Secure Debian project.
:P
This must be a new linux record.
Got Extra Money?
which adds overflow checks to C/C++ code
;-)
Overflow check? But I thought C/C++'ers like the amount of CONTROL that comes from being able to shoot themselves in the foot!
At least, that's what they tell me when I tell them I program in Java now.
Guess you'll need to figure a way around these checks, eh?
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
The naming of this subproject is either poorly thought out, or just downright underhanded.
"Trusted Debian" is clearly targeted to compete with "Trusted Solaris" and "Trusted(?name right?) BSD". However, "Trusted Solaris" has been CERTIFIED to meet B2 level security criteria. There is no mention of any such certification, either performed, or in progress, on the project's home page. It is just a collection of security enhancements and tweaks that is "hoped" will merit the system being trusted, but I see no formal proof or audit of that.
For those of us who are simply novice linux users, can someone who understands the technical jargon explain why a home linux user would want to use this?
Thanks.
Don't all these "overflow checkers" kill the speed of C(++) apps? I'd like to see some comparisons between the two distributions.
Are the packages the same or unique? If the latter, why not merge w/ the original code and help us all out?
Is this better or worse than the NSA's secure kernel? Why is a new distribution required if a kernel is all that's changed?
You can't judge a book by the way it wears its hair.
Does it use NSA's SE Linux kernel patches? Ordinarily, I don't see much use for them, but it seems exactly the sort of thing that you would want for a trusted system.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
It's available on BudgetLinuxCDs.com as an upgrade to woody (recommended installation method)
There are other alternatives to this:
Trusted Solaris
Big IBM Mainframe
But this is the first that runs on run-of-the-mill x86 hardware, and will provide Linux with the sort of enterprise level of protection that Linux needs to be competitive. This may make MS think about security even more!
hint - read the article before responding/modding
Where is it implemented that a trustworthy operating system is required? there should be a standard for printing the word "trusted" on a software program, so that everyone knows what everyone else is talking about. Companies shouldn't just be able to print "trusted", just like i can't print "low fat" on a hamburger if it's not up to some standard of "low fat".
Well I don't think this project is trying to push a tightly controlled hardware platform to get better security.
How's the weather in Redmond today?
This is added as a GCC option. (-fstack-protector or similar) All the CONTROL and power of C/C++ is still there. It's an optional feature for when you need it. I don't usually use C and/or C++ for the control though. It's all about performance.
The ratio of people to cake is too big
Now that Debian is "Trusted" (like everyone else in the freaking industry picking up the same buzzword), it's time to remember Anti-Trustworthy Computing.
Why do I h8 apple?
It seems like Cyclone is designed explicitly for this -- somewhere where safety guarantees are worth some slight (but not major) performance penalties. It's a low-level language designed to be very compatible with C, but adds a bunch of safety features to the language (with a mind towards optimization; for example, you can declare a pointer "never-NULL" to avoid run-time NULL-pointer checking). And it gets rid of pretty much all buffer-overflow or pointer-dereferencing style errors, rather than just catching some of them as these ad hoc approaches do.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Is the "Trusted ***" namespace only given to operating systems that meet B2 security levels?
I assume a committee or something gives you the stamp and that then allows you to use "Trusted" in the name of your project?
Now it is more secure than Debian Stable and more out-of-date.
Please note that Gentoo Linux also comes with a propolice enabled GCC and a PaX-enabled kernel.
It's up to you to use them or not.
I get an "input error" from ebay when I do that URL
...you have to hold Linus as well. No double standards.
Or is that really the Linux way?
Performance records? Then you should be using CP/M, if you want to talk that trash. No exploits in any CP/M installation to date. Is CP/M on your machine?
The silence is deafening.
...that i never trust any product that has the word "trust" in it?
pr0n - keeping monitor glass spotless since 1981.
You suggest reading the article, yet the article says explicitly that this is the only distro other than OpenBSD (or, in one case, FreeBSD, and at the beginning, "encumbered" unices. So I guess I wonder, what would you know if somebody from the Trusted Debian project said, "The answer is seven."
It seems to me that your question is poorly phrased. What is it that you really wonder?
Oh, go on, check out my job.
I'm not trolling here, but I can't see the benefit of this over OpenBSD.
Admittedly there are apps that run under Linux that don't run under OpenBSD (namely commercial apps) but in this case, I would expect that running those apps on this system would lose the "Trusted" lack of buffer overflow possibilities etc., which defeats the object of the distribution. And the lack of commercial certification for this product would belie using it for such a reason anyway.
A cursory glance over their website doesn't show me anything which would make me want to choose this over OpenBSD. In fact given the maturity of the OpenBSD project, and the man hours that have gone in to that piece of work, that is likely to be my first port of call anyway.
I'm not trying to put down the trusted debian guys, I just fail to see the point of their work (apart from the old - "why not" reason). So, if not for the licensing issue which debian has always held close to, why would anyone pick this over OpenBSD?
The Romans didn't find algebra very challenging, because X was always 10
How can you possibly say most of this seeing as how you got the first post according to a sort by oldest?
Shame on the moderator for marking this as insightful.
Linux, the Maginot Line of security that is the mantra of every Zealot, is proving to be as porous as its French namesake.
In plainer English: Linux ain't secure, even though Linus SAID it was.
Sure, because these means different things:
Trusted Debian = An open-source OS which have several features which makes it more secure
MS trusted computing = Cripple hardware so user cannot access it, but leave backdoors open for NSA/RIAA/MPAA.
I'll call an OS trusted after it's been deployed for at least a year with no intrusions.
How do you call 1.0 of something 'trusted'? Regression testing and looking good on paper is great, but until you can prove that the damn thing works (i.e. make me trust it) it ain't trusted.
That said, I'm going to grab my copy and play around. We need more security-focused distros. BSD has it right (no remote exploits with a base install), linux needs to do a little catching up in the access control area.
John Carmack's Ferrari on eBay!!!!.
Some might say there is a bit of a cause/effect relationship there. You are able to get better performance because you have greater control over your code, etc.
But I do take your point about the insight of making the protector an option.
uh... apparently you haven't been reading the comments on this thread. I read through about 20 comments so far and not one praise, a few informational posts, and several criticisms.
What I'm sick of hearing on slashdot are people who think they'll sound smart by making immediate and unsubstantiated remarks against what is perceived by them to be the consensus. By acting this way, you might seem like you're noticing what everyone else is too dumb/blind to see, but it doesn't make you insightful, just contrary, which is equally as closed minded as being zealous.
"Question with boldness even the existence of a god." - Thomas Jefferson
Shouldn't we be pushing to get this integrated into other linux distros?
If Redhat, for example integrated in into RH 10 or Mandrake into 9.2.
I can see this as a use for a firewall or in the wild pc.
If you own a PC and you don't have a firewall between it and the internet, you are pretty damned dumb.
This really is of no use to the average user.
I'd love to see a floppy distro for floppy firewall set up from it though. (upgrade the kernel to 2.4 so we can use modern firewall rules.)
Do not look at laser with remaining good eye.
Real security comes by design, not by sticking your thumb in the dike again and again and again.
--sdem
I mean really, a baby doesn't really have that much of a personality a few days after it's born, and surely can't survive on its own, so how would it be so wrong to have a post-birth abortion? The same argument applies, right?
I think OpenBSD has been at it with such efforts for a while. Why is FreeBSD shifting its niche, or nudging OpenBSD out of the ring?
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
I run a home gateway box with SSH, IMAP, and Apache on open ports. I check for updates daily, and no one else has an account on my box.
Is there any compelling reason for someone like me (and most /. users) to use something like this? Can someone sum up the benefits?
I'm not downplaying the importance of this kind of project. I can see its usefulness in a corporate environment. I'm just wondering if there's anything I'm forgetting on my current machine, and if this is a good way to address those problems.
http://www.masturbateforpeace.com/
When MS talks about trusted computing you can pretty much assume it's mostly marketing.
When the people at debian talk about trusted computing you can pretty much assume they are serious about putting together a solid and secure system.
It has to do with the character of the people making the announcement.
War is necrophilia.
Well, in this case the security they're trying to achieve is that of your system, as opposed to certain tightly controlled platforms that simply "secure" data from pirates :). Or your own copies of media that you should be able to fairly use, for that matter (but that's a different discussion entirely).
The main gripes about Microsoft's 'trusted' computing were about:
Disclaimer: I am not in the security business, and all these are based on stuff I heard on Slashdot etc.
Thank you
GrimReality
2003-04-21 20:21:22 UTC (2003-04-21 16:21:22 EDT)
I know this is not an answer to many problems, but I wonder why there is no bigger effort put into binary sandboxing. I would LOVE to limit rights of sub-processes. A possible solution would be a user (group) submask. To explain what I mean:
Suppose you are an ordinary user with 32 bit UID
00 00 00 A7 and mask FF 00 00 00, given by the administrator. This means you can access all files (and resources) for which you can "chameleonise" your UID to xx 00 00 A7.
You can also run a subprocess, say, x1 00 00 A7, with rights further restricted. This means that the parent process will have access to all results of the child, but not vice versa. Now you can run a network browser, email program, downloaded binary-only spyware etc. in their own sandboxes with access to particular resources only (say a directory with ownership 01 00 00 A7). They would not mess up anything else... You would be able to limit network access etc.
Roman Kantor
PS: The beauty of this hack is that it can work with standard POSIX filesystems; you need to add masks only to processes. I am not sure how difficult it would be to hack the Linux kernel, but it should be relatively straightforward.
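A small C model of the submask scheme sketched in this post, added here as an illustration rather than code from the poster or from any kernel: the `sandbox_t` type, the `sb_*` function names and the rule that a child may only narrow its parent's rights are this example's own assumptions. It encodes the post's convention directly: bits set in the mask are free to "chameleonise", bits clear in the mask must match the owner of the resource.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the UID-submask sandbox sketched above (constructed for this
 * example).  Bits that are set in the mask are "free": the process may
 * chameleonise them to any value.  Bits that are clear are fixed and must
 * match the owner UID of whatever the process wants to touch. */
typedef struct {
    uint32_t uid;   /* e.g. 0x000000A7 */
    uint32_t mask;  /* e.g. 0xFF000000: the top byte may vary */
} sandbox_t;

sandbox_t sb_make(uint32_t uid, uint32_t mask)
{
    sandbox_t s = { uid, mask };
    return s;
}

/* Access is granted when every fixed bit of the process UID equals the
 * corresponding bit of the resource owner's UID. */
bool sb_can_access(sandbox_t p, uint32_t owner_uid)
{
    uint32_t fixed = ~p.mask;
    return (p.uid & fixed) == (owner_uid & fixed);
}

/* Derive a child sandbox.  Rights may only shrink: the child's mask must be a
 * subset of the parent's, and the child's UID must be one the parent could
 * already chameleonise to.  On refusal *child is left untouched. */
bool sb_derive(sandbox_t parent, uint32_t child_uid, uint32_t child_mask,
               sandbox_t *child)
{
    if ((child_mask & ~parent.mask) != 0) return false; /* would widen the mask */
    if (!sb_can_access(parent, child_uid)) return false; /* uid outside parent's reach */
    child->uid = child_uid;
    child->mask = child_mask;
    return true;
}

/* Does a child derived from `parent` with (uid, mask) get to touch `owner`?
 * Answers false both when the derivation is refused and when access is. */
bool sb_child_can_access(sandbox_t parent, uint32_t child_uid,
                         uint32_t child_mask, uint32_t owner_uid)
{
    sandbox_t child;
    if (!sb_derive(parent, child_uid, child_mask, &child)) return false;
    return sb_can_access(child, owner_uid);
}

int main(void)
{
    /* The values from the post: user 00 00 00 A7 with mask FF 00 00 00, and
     * a browser sandbox 01 00 00 A7 with no free bits at all. */
    sandbox_t user = sb_make(0x000000A7u, 0xFF000000u);
    sandbox_t browser;
    sb_derive(user, 0x010000A7u, 0x00000000u, &browser);

    printf("user    -> browser dir (01 00 00 A7): %d\n", sb_can_access(user, 0x010000A7u));
    printf("browser -> user's files (00 00 00 A7): %d\n", sb_can_access(browser, 0x000000A7u));
    printf("user    -> another user (00 00 00 A8): %d\n", sb_can_access(user, 0x000000A8u));
    return 0;
}
```

The two checks in `sb_derive` are what make the scheme one-way: without them a sandboxed process could ask for a wider mask, or for a UID whose fixed bits it does not own, and climb back out. Anything a real kernel implementation added on top (persisting the mask across `exec`, applying the same rule to sockets) would sit on the same comparison.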
I forgot to mention in my original article, that "Trusted BSD" strives to meet the same security standards that Trusted Solaris does.
"Mandatory Access Controls" and all that fun stuff.
[www.trustedbsd.org]
So, "Trusted Debian" is the odd man out.
when m$ talks about trusted, it is a truly Orwellian example of doublespeak.
"You never want a serious crisis to go to waste." - Rahm Emanuel
So you are personally acquainted with employees of the respective organizations? I thought not... Mind you I'm no fan of Chairman Bill, but really, let's just watch this one on its merits please...
All the stuff about buffer overflows, code audits, stack randomization... those are all attempts at plugging security issues.
None of them really have anything to do with "trusted computing".
Trusted computing is normally about 2 things: Making sure that nothing has access to anything it's not supposed to, and making sure that there is an audit trail for who did what.
Example: Normal linux distributed -vs- NT.
Okay... I hate windows.. but....
Ever been frustrated because, in windows, if someone sets permissions on a directory they own, and says administrator can't access it... when administrator tries to access it, he gets denied?
In unix, of course, root just ignores said permissions.. or changes them.
In NT.. administrator has to first take ownership of the object THEN change the permissions... and administrator can't assign ownership back to the other user (though of course, administrator can grant access to the object).
Why? So there is a trail of events. Your file was changed? You say you didn't do it? IF administrator did it, it will show in the file permissions.
About a dozen years ago, I worked on an OS called Trusted Xenix. It was put out by
Trusted Information Systems.
It ran quite nicely on about 15 MB of hard drive space on a 386.
But searching the web today, I don't think it is alive anymore.
It was no where near as nice to work with as Linux is, though.
"We can't solve problems by using the same kind of thinking we used when we created them." -- Albert Einstein
Especially when you can get Linux emulation in OpenBSD.
Trusted sounds past tense. Almost like Debian was trusted at one point, but not anymore; that doesn't do much to instill confidence does it? I propose a name change to "Trusting" Debian, as it sounds much nicer. Better still, we should drop the word Debian (how many people know what a Debian is anyhow?) and just go with the generic word "Computer". Now it's "Trusting Computer". See how that works?
Everyone likes a trusting computer.
Veendows Ekshpee ish very sheckshy!
You know, you shit down vid a shmoke and a pancake and rub zhe NT kernel on your Nederlands!
Hahaha Yesh! De Nederlands! Yesh! hahahha
*takes Debian vial out of pocket and squirts in to mouth*.......
I hef no rekollection of vuht I jusht shaid!
All I know is I am having an AMSTER-DAMN GOOD TIME , Yesh!
If you want security, write in Java. You will never get overflow attacks, will be able to restrict access of potentially buggy code to files, network and so on and will greatly reduce the chance that your server will crash because of memory corruption. If you want top performance, write raw C code. If you want both, use JNI for tasks other than processing network data or a C++ class library with bound checking.
The overflow checker only makes a difference when compiling buggy code. And in this case it leaves every single bug exploitable in another way, by changing the function's local variables rather than the return address. Your network daemon might find itself writing log messages to /etc/passwd. At the very least, the process will still be crashed by bad input.
I don't think "trusted Debian" name is justified, since the method used only gives a slight increase in security.
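An added C model of the failure mode this post describes, written for this page rather than taken from Trusted Debian or the stack protector patch: the struct layout, the `handle_request` family of functions and the sample inputs are all constructed. It places the input buffer directly before the local holding the log path, so an unbounded copy rewrites the path without ever reaching the return address that a canary guards; the bounded version beside it is the fix the comment implies.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a daemon's stack frame: a fixed input buffer followed
 * by the local that names the log file.  The layout is made explicit in a
 * struct so the demonstration is deterministic; on a real stack the order of
 * locals is up to the compiler, but the point is the same: a canary guards
 * the saved return address above the locals, not the locals themselves. */
#define BUF_SZ  16
#define PATH_SZ 32

struct frame {
    char buf[BUF_SZ];       /* request data copied in from the network */
    char logpath[PATH_SZ];  /* adjacent local: where the daemon will write */
};

#define ORIGINAL_LOGPATH "/var/log/daemon.log"   /* constructed value */

/* The defect the comment describes: the copy is bounded by the input, not by
 * the buffer.  It is capped at the struct size only so the model stays within
 * defined behaviour; nothing stops it running past buf into logpath, and no
 * canary check fires because the return address is never touched. */
static int copy_unchecked(struct frame *f, const char *input)
{
    size_t n = strlen(input) + 1;
    if (n > sizeof *f) return -1;
    memcpy((char *)f, input, n);     /* the frame begins with buf */
    return 0;
}

/* The fix: bound the copy by the destination and reject what does not fit. */
static int copy_checked(struct frame *f, const char *input)
{
    size_t n = strlen(input);
    if (n >= BUF_SZ) return -1;      /* leave room for the terminator */
    memcpy(f->buf, input, n + 1);
    return 0;
}

/* Run one request through a fresh frame with the chosen copy routine.
 * Returns the copy's status; the frame is left for inspection. */
int handle_request(struct frame *f, const char *input, int checked)
{
    memset(f, 0, sizeof *f);
    strcpy(f->logpath, ORIGINAL_LOGPATH);
    return checked ? copy_checked(f, input) : copy_unchecked(f, input);
}

/* Convenience wrappers: status and resulting log path of one request. */
int request_status(const char *input, int checked)
{
    struct frame f;
    return handle_request(&f, input, checked);
}

const char *request_logpath(const char *input, int checked)
{
    static struct frame f;
    handle_request(&f, input, checked);
    return f.logpath;
}

/* Constructed inputs: one that fits, one that exactly fills buf (16 bytes)
 * and then spills a new path into logpath. */
const char NORMAL_INPUT[]    = "USER anonymous";
const char OVERSIZED_INPUT[] = "AAAAAAAAAAAAAAAA/etc/passwd";

int main(void)
{
    printf("unchecked, oversized: status %d, logpath %s\n",
           request_status(OVERSIZED_INPUT, 0), request_logpath(OVERSIZED_INPUT, 0));
    printf("checked,   oversized: status %d, logpath %s\n",
           request_status(OVERSIZED_INPUT, 1), request_logpath(OVERSIZED_INPUT, 1));
    return 0;
}
```

Etoh's stack protector does mitigate part of this in practice by reordering locals so that arrays sit above scalars and pointers, but two adjacent arrays can still clobber each other, and no reordering makes an unbounded copy safe; only the length check in `copy_checked` does that.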
No really. Imagine if someone told you of this über-super-deluxe secure system, and told you to "trust me" on that. I'd be a lot more sceptical than if they just gave me a demo and said "have a go at it, see what you think". Why? Because any college drop-out can say "trust me". But actually having something that looks secure and robust is in fact far more complex, even that too might be just good snakeoil.
Kjella
Live today, because you never know what tomorrow brings
i don't see who trusteddebian is by, the whois for debian.org & trusteddebian.org don't match in any way, debian.org news doesn't have anything on it. other then it seems to use the debian package management, i don't see who it is. for all i know it could be a pre-rooted install system by uber-leet zit boy.
/. spell checker.
OpenBSD at least has 2 important things to be able to trust: 1) history, being TD is only 1.0, it doesn't have much; 2) verifiable who, and OpenBSD's people are actually into security, vs un-listed who. are they MS? are they the uber-leet boy? are they the same people that call their isp when their printer stops working? (well, since they know the words linux and debian, i can assume they probably aren't that last one)
they look like they are using the
under faqs:
8. How far is the support for RSBAC in Trusted Debian?
There is no real support for RSBAC at the moment. Only install the RSBAC enabled kernel packages when you want to play with RSBAC. It can be used for production use, but only if you kwow what you are doing. These kernels are meant for development and testing purposes.
know - kwow, i use the /. spell checker too, and i still saw this one.
-Paranoid Dilutional Untrusted Anonymous Coward
This guy doesn't know what he is talking about. He certainly did not RTFA.
On a normal Linux system running Slashdot, we see this:
On a Slashdot running one of the Trusted Debian kernels, you will see something like this:
As you can see every value is different.
No, but Scott got to choose...
To counter my own pro-Linux/anti-MS bias, I actually tracked crashes, applications hanging and unnecessary reboots on three machines (1 Redhat Linux, 1 Windows 95 and 1 Windows 98). I consider reboots for hardware upgrades or maintenance and for kernel updates to be necessary. Rebooting for an application upgrade or to force a configuration change is unnecessary. I tracked this over a complete 2 year period.
The Linux system never crashed. I hung X Windows twice by misconfiguring it. The 2 Windows boxes had nearly 800 crashes, hangs or unnecessary reboots. I could stop there and conclude that Windows sucks and Linux rules. But there is more to the story. The vast majority of the Windows crashes were on the Win 95 box. I found Windows 98 (properly patched) to be roughly an order of magnitude more stable than Windows 95. I have since been using Windows 2000 at work. It is another order of magnitude more stable based on my usage patterns. Microsoft deserves some credit for managing to get Windows within an order of magnitude of the stability that Linux had several years earlier.
Trusted according to some B2 level security criteria? Microsoft just got some kind of certification similar to that. This is bullshit. Getting these kind of certifications -- like getting the POSIX-compliant certification -- also costs millions of dollars, which FS and OSS developers can't afford and don't need.
Putting some fucking label on a product like B2 level security is NOT going to make it any more or less secure. It is bullshit to assist the mindless masses, and it in fact hinders them, because it can lie. Does anyone really think that Slowlaris is more than OpenBSD, for example?
Quite frankly, we don't need some security certification to tell us whether or not a FS or OSS software is secure or not. Most of these projects have honesty policies, requiring that they disclose any problems, and we can always look at the code, if we're developers; furthermore, the community is highly organized in the OSS and FS worlds -- much more so than will ever be possible in the proprietary world -- we can evaluate these things by user-rating and comment.
Formal proof will come with time, as people realize that these "tweaks" and "security enhancements" prevent buffer overflow attacks. We're not going to waste millions of dollars, however, to get a certification that doesn't mean shit. Real-world testing means something. See the F117 Stealth Fighter. Lab-based testing in a narrowly confined environment, however, doesn't mean shit.
social sciences can never use experience to verify their statemen
What are the benefits of implementing this versus an OpenBSD box? I would think that OPENBSD has the highest level of security fanaticism needed but maybe Debian can top that :)
Guess the whole OSS community benefits.
This guy is way out there
If all of this stuff is so good and improves security, why isn't it rolled into the main Debian distribution?
Prevent email address forgery. Publish SPF records for y
Well isn't this the target that palladium is supposed to achieve (or at least the claimed target by M$).
So is this like a palladium competitor, and if it is, why didn't M$ use this approach?
Why is there a penguin on my screen?
The lunatic is in my head
Great idea.
just because you're paranoid doesn't mean they are not after you.
Looks like another band-aid for an insecure OS.
Not even the narrow minded linux lovin /. community can take this "secure" system seriously.
look at the top 2 items of this link
propolice is the same gcc stack protection that trusted debian uses, written by the same author whose email address is etoh@openbsd.org.
w^x is similar in concept to pax, but it is faster and doesn't break applications.
this has produced a hilarious 'debate' on the openbsd misc mailing list, as evidenced in threads like this and this
News update: Kurt Cobain is dead. The White House and Congress are both under Republican control. The Dallas Cowboys suck.
Yggdrasil?!?!?!
dinner: it's what's for beer
This is the lesson: assume your OS is insecure and adopt a level of risk acceptance. Don't put all your eggs into one basket unless you really can handle losing them all. Don't ever trust anyone who says they have a "fool proof" or "hacker proof" system or anything to that degree of finality including, "Oh, don't worry... no one will ever break this." If you are running a home server and the worst you have to lose is some of your prized pumpkin pie recipes then I would not worry much at all. If however you store customers' personal information and financial information then yes I would be a bit more concerned.
Two words: marketing buzzword.
1. Create more secure operating system.
2. Give it away for free.
3. ????
4. PROFIT!
Ok, I give, wtf _IS_ the third step that would require a marketing buzzword? I guess you can market for bragging rights, but I am guessing it was more of an afterthought than a business plan.
I bet I can name everyone that has gotten rich on Debian on one hand.............and still have 5 fingers left.
Tequila: It's not just for breakfast anymore!
performance hit and much much longer time to field solutions. With Debian's already slow uber-crawl method of releasing packages and infrastructure updates would be brought to the point that the jokes about them releasing a 2.6 Kernel sometime in 2058 would be just about right.
Come on, she was almost due. Aren't 3rd trimester abortions already illegal? Even reasonable people who disagree on when life begins will agree that a child's life was taken in this case. Although IIRC there have been a lot of cases where they would bring a double murder charge for killers of women fairly early in a pregnancy... Perhaps your theory has some merit after all. Or maybe I'm just remembering TV lawyer shows.
Are you using it to let you remotely check internal data through email? just curious
There seem to be more zealot zealot-haters than any other kind of zealots..
See Jason1729 for version updates:
his likely response will be:
"Well its just, like, Trusted Debian, renamed to Secure Debian....the GNU license lets me do that..and stuff."
Well, I think the more the merrier, it's not like they are forcing you to use it. It is just another option in this enlightened internet age.
I do think we should rewrite the legacy net applications. They are old, bloated, and full of security holes. Cyclone is a cool language that no low-level security nut can ignore, but I also don't think it's necessary to write network apps in low-level languages. That's really tedious.
For instance, I rewrote ftpd in SML because I got sick of buffer overflows. It only took me a few days and the result was much leaner (wu_ftpd is 30,000 lines, mine was about 800) and definitely has fewer buffer overflows / heap overflows / double-frees / integer overflows / printf-exploits (SML, like other safe languages, makes it impossible to write such code). If I was able to rewrite that by myself in such a short amount of time, I don't think it would be so much work to reimplement the standard services with a talented team of programmers. Such services would be optimal for the kind of user who wants, say, a working ssh daemon that he doesn't need to update so often, which has support for all of the standard features but nothing fancy (hardware-based authentication, etc.).
If this is how you feel. Send a check to RH and MDK with a letter explaining what you'd like it to be used for. If you provide enough, I'm sure it will happen.
Really important stuff, like say SSHd, should be written in something safe. Just compiling in bounds-checking in an ad hoc manner is both slower and less safe than writing it safely to begin with.
Though as the other poster mentioned, if people just abandoned C in the first place, we'd solve a lot of the problems. Cyclone is nice in that it's a way for people who still want C's low-level control to abandon C's security holes without using a high-level language like SML.
" So you are personally acquainted with employees of the respective organizations? I thought not... "
Although I have met several MS developers and have interacted with several Debian developers via email I would not say that I am "personally acquainted" with any of them.
I am simply judging the intent of these two organizations based on their past behavior.
Security implementation works when people perform a realistic risk assessment, finding approximately how at risk something is and what the damage would be if it was compromised. Only then do you look at solutions to each and then you can see the costs in time and money to implement them.
No offense to you, but I keep hearing people parrot "regression testing" and I wonder if its not just because it sounds cool.
This is the same government that will gloss over security testing of systems (usually based on Windows, but not like I have not seen it with Solaris) to get them out the door and thus breaking the very system of accreditation and certification. I am all about actually ensuring that the systems are classified by various levels of secure trustworthiness, my beef is in the self serving bureaucracy that undermines those very efforts while covering it all in a veil of buzz words.
IOW, its not the tests themselves that are the problem but the politicians driving system adoption. That is why I see so many systems for the DoD that are a) Crap b) insecure c) overbudget and underfeatured (as per the requirements if those were ever bothered to be gathered and analyzed)
I am weary of the trusted buzz fest because I expect to see crapware gaining trusted status because of the unscrupulous and self serving traitors in the DoD that will defeat the purpose. I see some very dedicated and talented security folk working on these systems... then I see how their work is reversed by self serving decision makers and I wonder why don't they just save money and not do the initial testing.
Were all three used equal amount of times doing similar tasks?
I'm not trying to debunk your claim, the whole idea of it wouldn't hold a whole lot of water if the linux box was your NAT box or the like, and you used the Windows machines as your workstations fulltime. What did the roles of the three machines play?
DrPascal: Not the language, the mathematician.
hey, good post! Actually informative in e-z to understand english for non-programmers.
Hope the other distros jump all over these innovations!
sorry, no mod points,, give ya a virtual +1 though.
Using your logic, would it really be much of a difference if she 'decided' AFTER her child were born?
How so? Since the fetus was NOT born, what you are saying makes no sense.
You are just having a hissy fit because your reasoning has been proven false. Boo hoo hoo, crybaby.
I was there, I know firsthand about weak defenses. This story of this quaint "Linux" reminded me of the pathetic attempts by Paris to stop us.
Now I am a hacker/cracker, whatever kitschy pop culture appellation you and your slackware-jawed mass media addicted companions desire to use. Because time is short, I will be blunt. I attack all sorts of Linux and Unicen, simply to expose the arrogance of this so called "security" that you feel is inherent in your precious OSes. I must say, even the Vichy government put up more of a fight than that pathetic kernel your vaunted Linus dredged out of his ass.
They should drop the word "Debian" because it isn't an official Debian project. Those people have never contacting the Debian developers at all.
Who made this distribution? This isn't an official Debian project at all, in fact the Debian developers knew nothing about it until today. On the whole site there isn't a single email or name given, and the mailing list archives are password protected. I wouldn't trust this project at all, if the developers don't even say their names.
I haven't seen anyone give this reason yet, and I'm not trolling either.
Simple answer is that Linux kernel evolves very fast. OpenBSD just cannot possibly keep up. No, it's not dying, but no, it will never be as feature complete and as performant as Linux for two reasons. One, it's not the focus of OpenBSD, and two, man power is vastly different on Linux vs. OpenBSD kernels (even FreeBSD, and OpenBSD is divergent from FreeBSD, so it doesn't automatically get every single feature from FreeBSD kernel). Commercial entities prefer to share their code under GPL (due to competition) and plus Linux is more popular for other reasons (like it's more "sexy", not a very valid reason, but it doesn't matter if it brings more people in).
To put it plainly, Linux 2.6 is going to blow FreeBSD (let alone OpenBSD) kernel to bits as far as features and performance go. So, if performance is important to you, you want to use Linux. Want to use XFS? Does XFS work with OpenBSD?
Also, Debian apt is just a better system then ports because you don't need to compile crap (but you still can if you want to). Yea, it's not as "optimized" or "flexible", blah...but when you just need to get some work done, it works. That's why there is Debian for FreeBSD kernel too, so that you can use all the benefits of Debian apt together with the "sexy" FreeBSD kernel. This is not a reason for using Trusted Debian (if anything, might be a reason against it), nonetheless, it's something to keep in mind.
OpenBSD has top notch people working on it and it's a quality system, no doubt. It's got a good security track record (not perfect). But there is also lots of security work (www.grsecurity.net, and many others) being done in Linux space and to say that code from those efforts is less secure than OpenBSD equivalent, without factual comparison, is just not right. Frankly, the only comparison I ever see is against vanilla Linux, and Linux kernel itself only had one hole recently. Not perfect, but not terrible either. IIRC, grsecurity patched kernel wasn't affected by the hole (but I don't have time to double check this).
That's not security through obscurity. By that analogy, a randomly generated key is security through obscurity. "The key ain't what you thought it was". Randomly locating the stack is like tossing a few extra bits onto your key space. Pretending that no one knows the stack is randomly located would be security through obscurity.
The real value of a randomly located stack is its protection from worms. Worms that exploit a stack-overflow hole will only work on a small subset of debian systems--slowing down the spread of that worm, and leaving most systems immune to it.
I certainly think binary sandboxing would be a good idea, though implementing it has a lot of various tricky issues I'd imagine. It wouldn't solve all problems though; for example, the recent OpenSSH root exploit would've been prevented if it had been written in Cyclone, but would not have been prevented by binary sandboxing, since OpenSSH has to run as root (or some other privileged user) to be useful.
One reason is because this uses rsbac.
I run rsbac on all my servers (mostly slack), because it is the most flexible/powerful out of these types of patches available...ie lids/selinux
OpenBSD might be nice for a server without users, but for a secure os it is lacking in control, whereas this distro, and rsbac provide much more control for you to restrict access.
A couple of Alexa links... OpenBSD: http://www.alexa.com/data/details/traffic_details?&range=3m&size=medium&compare_sites=&url=http://www.OpenBSD.org/#top
FreeBSD:
http://www.alexa.com/data/details/traffic_details?q=&url=http://www.freebsd.org/
Both pages are trending up.
That should set expectations straight....
It seems that when the OS/distribution is hard to install it's usually more secure.
Windows - easy install, crappy security
Linux - medium installation, somewhat secure
OpenBSD - You can install it?
So, will Trusted Debian include even poorer and harder installation than normal Debian?
Here, in the Department of Defense, we define a "trusted system" or "trusted component" as one which can break the security policy. This is the definition, from which the term "trusted computing" has evolved. It is not "good" or "bad." It is bad, however, if you misleadingly advertise it as synonymous to "secure." Microsoft is working on a trusted system, they call it a trusted system, but they market it as a secure one. Trusted Debian developers are working on a secure system, they market it as secure, but they call it a trusted one. Either way, they mislead people who don't understand the difference between "trusted" and "secure." It is important to know the difference, because there are situations when trusted system cannot be secure and vice versa, depending on who you want it to be secure for, and who you want it to be trusted for, and how. Please don't make the misunderstanding worse by "reclaim[ing] the language" which you don't even understand yourself.
(Debian is Isinai bed)
So what you are saying is that it's impossible to build a trusted system?
I don't follow, sorry. The point is the system is designed to enforce a certain issue; the fact that there may be a way around it by going outside that system is irrelevant.