Slashdot Mirror
Trusted Debian v1.0 Released
Peter Busser writes "The Trusted Debian project releases its first official release, v1.0. Its main focus is solving most (but unlikely all) buffer overflow problems. It features PaX, a kernel patch which does several things. It tries to keep code and data apart, it randomizes stack, code, heap and shared libraries, it does strict mprotect() checking and it also protects the kernel. Trusted Debian also uses the stack protector patch for GCC developed by Hiroaki Etoh at IBM, which adds overflow checks to C/C++ code. It also features FreeS/WAN and RSBAC, an extensive access control framework. More information is available from the website. There is also a demonstration available for the special capabilities of this release."
It's available on BudgetLinuxCDs.com as an upgrade to woody (recommended installation method)
Well I don't think this project is trying to push a tightly controlled hardware platform to get better security.
This is added as a GCC option. (-fstack-protector or similar) All the CONTROL and power of C/C++ is still there. It's an optional feature for when you need it. I don't usually use C and/or C++ for the control though. It's all about performance.
The ratio of people to cake is too big
It seems like Cyclone is designed explicitly for this -- somewhere where safety guarantees are worth some slight (but not major) performance penalties. It's a low-level language designed to be very compatible with C, but adds a bunch of safety features to the language (with a mind towards optimization; for example, you can declare a pointer "never-NULL" to avoid run-time NULL-pointer checking). And it gets rid of pretty much all buffer-overflow or pointer-dereferencing style errors, rather than just catching some of them as these ad hoc approaches do.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Please note that Gentoo Linux also comes with a propolice enabled GCC and a PaX-enabled kernel.
It's up to you to use them or not.
{{.sig}}
It was somewhat implied. Debian has now diluted the use of the word.
If you work for the Government on classified systems they prefer "Trusted" versions of operating systems (Trusted Solaris, AIX, IRIX, etc.) These operating systems are approved for TCSEC B level security (Common Criteria EAL4 and higher). All parts of the OS are tested for Mandatory Access Control, extended auditing and logging, and data protection. installing any of these on a home system is overkill (and in the case of the ones I just mentioned, expensive). But if you are processing Top Secret information and want full audit trails and complete trust, these are the operating systems that will deliver it. The only thing I do not see with Trusted Debian is the extended auditing and logging. The secure code base is nice, but if they intend to get into the Government with this, I think they have a long way to go.
No, it doesn't. It will include RSBAC in the near future, but the first step was this.
Here you go, you "too lazy to read the article" newbie
it randomizes stack, code, heap and shared libraries
PaX randomizes the place a program is loaded into memory. Buffer overflow attacks depend on the exact location of memory locations. Attacks are much harder when that location varies every time a program is executed. Thus making it much harder for attackers to locate the exact locations they need for a succesful attack. Again, PaX is the first to implement this kind of protection. No other UNIX system uses this kind of protection against buffer overflows, except OpenBSD. But their implementation is more restricted. It will randomize only one aspect of the memory (which technical people call the stack) where PaX randomizes four aspects (stack, heap, libraries and the main executable) and their implementation uses 10 bits against 24 bits for PaX
it does strict mprotect() checking
it adds proper checking to how memory is being used, to prevent badly written programs from accidentally opening up certain kinds of security holes
it also protects the kernel.
Third, PaX tries to do its best to keep code and data separate. Many buffer overflow attacks try to write some data and then try to execute it, as if it were code. PaX tries to prevent this. Fourth, PaX enforces the same kind of protection to the core of the system, the Linux kernel itself. Again, this is unique to PaX, there is no other UNIX system which offers the same kind of protection of its kernel
Trusted Debian also uses the stack protector patch for GCC developed by Hiroaki Etoh at IBM, which adds overflow checks to C/C++ code.
The second product used by Trusted Debian to solve the buffer overflow problem is called the stack protector, formerly known as propolice. It is a modified GCC compiler written by Hiroaki Etoh at IBM and it adds a kind of ``booby-traps'' inside programs which are triggered when a buffer overflow occurs. The program is then terminated before the overflow can do any damage.
It also features FreeS/WAN and RSBAC, an extensive access control framework. Trusted Debian adds more than just these buffer overflow protection technology. Version v1.0 also ships with RSBAC, an extensive access control framework which will play an important role in future releases. And FreeS/WAN, which is able to encrypt all TCP/IP communication between two machines and can therefore be used for setting up VPNs or securing wireless LAN communication, among other things.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
For example: you have only one computer.
You mostly do tho tasks on that computer:
- Managing your money in spreadsheet.
- Browse the web.
In trusted RSBAC system you can create different
levels of information protection: for example
your spreadsheets will be marked "My Own Important
Data" and you can have access to them only if you
switch your security level to "Manage Important Data". In this case browsing will be disabled and only trusted programs will be allowed to run.
No web data or malicious programs can then interfere with your financial stuff.
RSBAC (mentioned here)
does that and more.
The reason "why not" is actually stated as one of the project's motivations: they want to make running a "secure" system easy for the normal user. OpenBSD is definitely a reasonably nice system, but easy it is not. Unless something has changed in the last three or four years, anyway...
-- sigs cause cancer.
In Theo's post on theaimsgroup.com web site, I don't see anything supporting your assertion that OpenBSD's new memory protection "actually speeds things up".
cpeterso
From the Article:
Hmm, well that sounds exactly like the memory protection that has already been implimented in OpenBSD 3.3. Interestingly enough, all this software was available long before this article was written, it just wasn't put into the base system at the time.
It's rather hypocritical if you ask me. He ran down all the protection mechanisms available for Linux (none of which come together in a single distro), but completely and entirely neglected similar software that WAS available for OpenBSD.
TCP port ACLs are still not in OpenBSD, BUT there is a patch that is available to do this, it's just not in the OpenBSD base as of yet. Of course, TCP port ACLs don't come with the base Linux kernel either.
Also worth a footnote is that Systrace can be used to enforce TCP/UDP port ACLs on any software run under systrace. In other words, you run bind under systrace, and there is no way for it to open any ports other than 53, which you specify. It's not what people typically think of when they consider TCP/UDP port ACLs, but it does the same job. Systrace is in the OpenBSD base system.
Well Systrace easilly accomplishes the above. You can impose arbitrary restrictions on binary programs, wether they are native OpenBSD binaries, or Linux binaries under emulation.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
My mistake... I've read about all this stuff a while ago, so I didn't correctly remember which post talked about which aspects of it.
It can be found in this magicpoint presentation. It's several pages into the presenatiton. it's plain text with some markup, so you can just grep through it (look for "sped") if you don't want to install magicpoint: http://www.openbsd.org/papers/csw03.mgp
I've read it other places before I saw the presentation, but google isn't working very well to find them, I don't have links to everything (I'd have millions of links if I make a link of everything, and kept them for this long), and I'm not going to spend a lot of time tracking down where I read this stuff. Check out deadly.org, or the OpenBSD misc/tech mailing list archives if you want additional confirmation, and discussion on the subject of the speed-up...
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
>bad/evil marketing by debian
This project is based on debian, but not by debian. It is an independent project. Hence it cannoty be bad/evil marketing by debian.