Trusted Debian v1.0 Released

← Back to Stories (view on slashdot.org)

Posted by timothy on Monday April 21, 2003 @07:45AM from the trusty-too dept.

Peter Busser writes "The Trusted Debian project releases its first official release, v1.0. Its main focus is solving most (but unlikely all) buffer overflow problems. It features PaX, a kernel patch which does several things. It tries to keep code and data apart, it randomizes stack, code, heap and shared libraries, it does strict mprotect() checking and it also protects the kernel. Trusted Debian also uses the stack protector patch for GCC developed by Hiroaki Etoh at IBM, which adds overflow checks to C/C++ code. It also features FreeS/WAN and RSBAC, an extensive access control framework. More information is available from the website. There is also a demonstration available for the special capabilities of this release."

6 of 259 comments (clear)

Min score:

Reason:

Sort:

AHA! by FortKnox · 2003-04-21 07:50 · Score: 4, Insightful

which adds overflow checks to C/C++ code

Overflow check? But I thought C/C++'ers like the amount of CONTROL that comes from being able to shoot themselves in the foot!

At least, that's what they tell me when I tell them I program in Java now.
Guess you'll need to figure a way around these checks, eh? ;-)

--
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Re:Eh? by ZenShadow · 2003-04-21 08:04 · Score: 5, Insightful

Two words: marketing buzzword.

--
-- sigs cause cancer.
Re:No Remote... by Jason1729 · 2003-04-21 08:08 · Score: 4, Insightful

Secure Debian sounds like a good name for it. The first thing I thought of when I read Trusted Debian was that it will be like palladium.

Jason
ProfQuotes
A trusted 1.0... by japhar81 · 2003-04-21 08:11 · Score: 4, Insightful

I'll call an OS trusted after its been deployed for at least a year with no intrusions.

How do you call 1.0 of something 'trusted'? Regression testing and looking good on paper is great, but until you can prove that the damn thing works (i.e. make me trust it) it ain't trusted.

That said, I'm going to grab my copy and play around. We need more security-focused distros. BSD has it right (no remote exploits with a base install), linux needs to do a little catching up in the access control area.
Trite bullshit by I+Am+The+Owl · 2003-04-21 08:18 · Score: 4, Insightful

I can't believe somebody modded you up for that. This doesn't even begin to approach the level of security that the likes of Trusted Solaris and high end IBM software is at. It's just a collection of security fixes and patches. It's not even introduction of an ACL system like TrustedBSD has. It's just a half-assed attempt at a security audit to remove the existing bugs.
Real security comes by design, not by sticking your thumb in the dike again and again and again.

--

--sdem
Trusted Computing. by mindstrm · 2003-04-21 08:28 · Score: 4, Insightful

All the stuff about buffer overflows, code audits, stack randomization... those are all attempts at plugging security issues.
None of them really have anything to do with "trusted computing".

Trusted computing is normally about 2 things: Making sure that nothing has access to anything it's not supposed to, and making sure that there is an audit trail for who did what.

Example: Normal linux distributed -vs- NT.

Okay... I hate windows.. but....

Ever been frustrated because, in windows, if someone sets permissions on a directory they own, and says administrator can't access it... when administrator tries to access it, he gets denied?
In unix, of course, root just ignores said permissions.. or changes them.
In NT.. administrator has to first take ownership of the object THEN change the permissions... and administrator can't assign ownership back to the other user (though of course, administrator can grant access to the object).
Why? So there is a trail of events. Your file was changed? You say you didn't do it? IF administrator did it, it will show in the file permissions.