Trusted Debian v1.0 Released
Peter Busser writes "The Trusted Debian project releases its first official release, v1.0. Its main focus is solving most (but unlikely all) buffer overflow problems. It features PaX, a kernel patch which does several things. It tries to keep code and data apart, it randomizes stack, code, heap and shared libraries, it does strict mprotect() checking and it also protects the kernel. Trusted Debian also uses the stack protector patch for GCC developed by Hiroaki Etoh at IBM, which adds overflow checks to C/C++ code. It also features FreeS/WAN and RSBAC, an extensive access control framework. More information is available from the website. There is also a demonstration available for the special capabilities of this release."
The naming of this subproject is either poorly thought out, or just downright underhanded.
"Trusted Debian" is clearly targeted to compete with "Trusted Solaris" and "Trusted(?name right?) BSD". However, "Trusted Solaris" has been CERTIFIED to meet B2 level security criteria. There is no mention of any such certification, either performed, or in progress, on the project's home page. It is just a collection of security enhancements and tweaks that it is "hoped" will merit the system being trusted, but I see no formal proof or audit of that.
Don't all these "overflow checkers" kill the speed of C(++) apps? I'd like to see some comparisons between the two distributions.
Are the packages the same or unique? If the latter, why not merge w/ the original code and help us all out?
Is this better or worse than the NSA's secure kernel? Why is a new distribution required if a kernel is all that's changed?
You can't judge a book by the way it wears its hair.
Does it use NSA's SE Linux kernel patches? Ordinarily, I don't see much use for them, but it seems exactly the sort of thing that you would want for a trusted system.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
Is the "Trusted ***" namespace only given to operating systems that meet B2 security levels?
I assume a committee or something gives you the stamp and that then allows you to use "Trusted" in the name of your project?
The ratio of people to cake is too big
I'm not trolling here, but I can't see the benefit of this over OpenBSD.
Admittedly there are apps that run under Linux that don't run under OpenBSD (namely commercial apps) but in this case, I would expect that running those apps on this system would lose the "Trusted" lack of buffer overflow possibilities etc., which defeats the object of the distribution. And the lack of commercial certification for this product would belie using it for such a reason anyway.
A cursory glance over their website doesn't show me anything which would make me want to choose this over OpenBSD. In fact given the maturity of the OpenBSD project, and the man hours that have gone in to that piece of work, that is likely to be my first port of call anyway.
I'm not trying to put down the trusted debian guys, I just fail to see the point of their work (apart from the old - "why not" reason). So, if not for the licensing issue which debian has always held close to, why would anyone pick this over OpenBSD?
The Romans didn't find algebra very challenging, because X was always 10
uh... apparently you haven't been reading the comments on this thread. I read through about 20 comments so far and not one praise, a few informational posts, and several criticisms.
What I'm sick of hearing on slashdot are people who think they'll sound smart by making immediate and unsubstantiated remarks against what is perceived by them to be the consensus. By acting this way, you might seem like you're noticing what everyone else is too dumb/blind to see, but it doesn't make you insightful, just contrary, which is equally as closed-minded as being zealous.
"Question with boldness even the existence of a god." - Thomas Jefferson
I can see this as a use for a firewall or in the wild pc.
If you own a PC and you don't have a firewall between it and the internet, you are pretty damned dumb.
This really is of no use to the average user.
I'd love to see a floppy distro for floppy firewall set up from it though. (upgrade the kernel to 2.4 so we can use modern firewall rules.)
Do not look at laser with remaining good eye.
It's harder to compromise the machine and access your data. However, if you are a basic home user, then you probably aren't running any services (web server, email server, DNS server, etc.) that would cause you to be vulnerable to attack. This kind of initiative makes it harder to use a connection to a computer to compromise it. If your computer doesn't have any services that answer connections, then it can't be compromised. Thus, for a home user, this probably doesn't do much for you.
You might want to look at the Debian Desktop project or check out LindowsOS or Xandros. They are more targeted towards home users than this (or than straight Debian for that matter). The stable versions of Debian are primarily aimed at servers. Unstable and testing are geared towards techies and developers.
There are also several other distros that are not based on Debian that are aimed more towards home users. Debian has an advantage here, however, since they have apt-get to manage package dependencies, downloads, and installs.
I run a home gateway box with SSH, IMAP, and Apache on open ports. I check for updates daily, and no one else has an account on my box.
Is there any compelling reason for someone like me (and most /. users) to use something like this? Can someone sum up the benefits?
I'm not downplaying the importance of this kind of project. I can see its usefulness in a corporate environment. I'm just wondering if there's anything I'm forgetting on my current machine, and if this is a good way to address those problems.
http://www.masturbateforpeace.com/
When MS talks about trusted computing you can pretty much assume it's mostly marketing.
When the people at debian talk about trusted computing you can pretty much assume they are serious about putting together a solid and secure system.
It has to do with the character of the people making the announcement.
War is necrophilia.
I know this is not an answer to many problems, but I wonder why there is no bigger effort put into binary sandboxing. I would LOVE to limit rights of sub-processes. A possible solution would be a user (group) submask. To explain what I mean:
Suppose you are an ordinary user with 32 bit UID 00 00 00 A7 and mask FF 00 00 00, given by the administrator. This means you can access all files (and resources) to which you can "chameleonise" UID to xx 00 00 A7.
You can also run a subprocess, say, x1 00 00 A7 with rights further restricted. This means that the parent process will have access to all results of the child, but not vice-versa. Now you can run a network browser, email program, downloaded binary-only spyware etc. in their own sandboxes with access to particular resources only (say a directory with ownership 01 00 00 A7). They would not mess up anything else... You would be able to limit network access etc.
Roman Kantor
PS: The beauty of this hack is that it can work with standard POSIX filesystems, you need to add masks only to processes. I am not sure how difficult it would be to hack the linux kernel, but it should be relatively straightforward.
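The UID submask scheme sketched in the post above, modelled in user space as an added example (this is not code from the post or from Trusted Debian). It assumes a process carries a (uid, mask) pair where set mask bits are the "free" bits the process may chameleonise, that a file is accessible when the owner's UID matches on all non-free bits, and that a child may only be spawned with a UID the parent could itself adopt and with a mask that is a subset of the parent's; the owner values are the post's own worked numbers.

```python
from dataclasses import dataclass

UID_BITS = 0xFFFFFFFF  # 32-bit UID space, as in the post


@dataclass(frozen=True)
class Proc:
    uid: int   # the process's own UID
    mask: int  # bits the process is allowed to vary ("chameleonise")

    def can_access(self, owner_uid: int) -> bool:
        """Access is granted when owner_uid agrees with uid on every
        bit that is NOT free under the mask."""
        fixed = UID_BITS & ~self.mask
        return (owner_uid & fixed) == (self.uid & fixed)

    def spawn(self, child_uid: int, child_mask: int) -> "Proc":
        """Create a further-restricted subprocess.

        Two checks keep the hierarchy one-way: the child's UID must be one
        the parent could adopt, and the child's free bits must be a subset
        of the parent's, so the child can never reach beyond the parent."""
        if not self.can_access(child_uid):
            raise ValueError("child uid not reachable from parent pattern")
        if child_mask & ~self.mask:
            raise ValueError("child mask grants bits the parent lacks")
        return Proc(child_uid, child_mask)


def demo() -> dict:
    # Ordinary user 00 00 00 A7 with admin-granted mask FF 00 00 00
    # (constructed from the post's example).
    parent = Proc(uid=0x000000A7, mask=0xFF000000)
    # Browser sandbox: UID 01 00 00 A7, no free bits at all.
    browser = parent.spawn(child_uid=0x010000A7, child_mask=0x00000000)
    sandbox_dir_owner = 0x010000A7   # directory owned by the sandbox
    home_owner = 0x000000A7          # the user's own files
    return {
        "parent_reads_sandbox": parent.can_access(sandbox_dir_owner),
        "child_reads_sandbox": browser.can_access(sandbox_dir_owner),
        "child_reads_home": browser.can_access(home_owner),
        "child_reads_other_sandbox": browser.can_access(0x020000A7),
        "parent_reads_other_user": parent.can_access(0x000000A8),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The parent sees everything its children produce while each child is confined to its own slot, which is the one-way property the post asks for; the two `spawn` checks are what stop a child from widening its own mask.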
Trusted according to some B2 level security criteria? Microsoft just got some kind of certification similar to that. This is bullshit. Getting these kind of certifications -- like getting the POSIX-compliant certification -- also costs millions of dollars, which FS and OSS developers can't afford and don't need.
Putting some fucking label on a product like B2 level security is NOT going to make it any more or less secure. It is bullshit to assist the mindless masses, and it in fact hinders them, because it can lie. Does anyone really think that Slowlaris is more than OpenBSD, for example?
Quite frankly, we don't need some security certification to tell us whether or not a FS or OSS software is secure or not. Most of these projects have honesty policies, requiring that they disclose any problems, and we can always look at the code, if we're developers; furthermore, the community is highly organized in the OSS and FS worlds -- much more so than will ever be possible in the proprietary world -- so we can evaluate these things by user-rating and comment.
Formal proof will come with time, as people realize that these "tweaks" and "security enhancements" prevent buffer overflow attacks. We're not going to waste millions of dollars, however, to get a certification that doesn't mean shit. Real-world testing means something. See the F117 Stealth Fighter. Lab-based testing in a narrowly confined environment, however, doesn't mean shit.
social sciences can never use experience to verify their statemen
If all of this stuff is so good and improves security, why isn't it rolled into the main Debian distribution?
Prevent email address forgery. Publish SPF records for y
I do think we should rewrite the legacy net applications. They are old, bloated, and full of security holes. Cyclone is a cool language that no low-level security nut can ignore, but I also don't think it's necessary to write network apps in low-level languages. That's really tedious.
For instance, I rewrote ftpd in SML because I got sick of buffer overflows. It only took me a few days and the result was much leaner (wu_ftpd is 30,000 lines, mine was about 800) and definitely has fewer buffer overflows / heap overflows / double-frees / integer overflows / printf-exploits (SML, like other safe languages, makes it impossible to write such code). If I was able to rewrite that by myself in such a short amount of time, I don't think it would be so much work to reimplement the standard services with a talented team of programmers. Such services would be optimal for the kind of user who wants, say, a working ssh daemon that he doesn't need to update so often, which has support for all of the standard features but nothing fancy (hardware-based authentication, etc.).
Isn't the problem that the majority is insecure, not the few people that care? This should be in Debian, not some offshoot.
No offense to you, but I keep hearing people parrot "regression testing" and I wonder if it's not just because it sounds cool.