Trusted Debian v1.0 Released

Peter Busser writes "The Trusted Debian project releases its first official release, v1.0. Its main focus is solving most (but unlikely all) buffer overflow problems. It features PaX, a kernel patch which does several things. It tries to keep code and data apart, it randomizes stack, code, heap and shared libraries, it does strict mprotect() checking and it also protects the kernel. Trusted Debian also uses the stack protector patch for GCC developed by Hiroaki Etoh at IBM, which adds overflow checks to C/C++ code. It also features FreeS/WAN and RSBAC, an extensive access control framework. More information is available from the website. There is also a demonstration available for the special capabilities of this release."

bad/evil marketing by debian

[bolthole]

The naming of this subproject is either poorly thought out, or just downright underhanded.

"Trusted Debian" is clearly targetted to compete with "Trusted Solaris" and "Trusted(?name right?) BSD". However, "Trusted Solaris" has been CERTIFIED to meet B2 level security criteria. There is no mention of any such certification, either performed, or in progress, on the project's home page. It is just a collection of security enhancements and tweaks that is "hoped" will merit the system being trusted, but I see no formal proof or audit of that.

SE Linux

[Erwos]

Does it use NSA's SE Linux kernel patches? Ordinarily, I don't see much use for them, but it seems exactly the sort of thing that you would want for a trusted system.

-Erwos

Eh?

[Cthefuture]

Is the "Trusted ***" namespace only given to operating systems that meet B2 security levels?

I assume a commity or something gives you the stamp and that then allows you to use "Trusted" in the name of your project?

Why not OpenBSD?

[unixbob]

I'm not trolling here, but I can't see the benefit of this over OpenBSD.

Admittedly there are apps that run under Linux that don't run under OpenBSD (namely commercial apps) but in this case, I would expect that running those apps on this system would lose the "Trusted" lack of buffer overflow possiblities etc., which defeats the object of the distribution. And the lack of commerical certification for this product would bely using it for such a reason anyway.

A cursory glance over their website doesn't show me anything which would me want to choose this over OpenBSD. In fact given the maturity of the OpenBSD project, and the man hours that have gone in to that piece of work, that is likely to be my first port of call anyway.

I'm not trying to put down the trusted debian guys, I just fail to see the point of their work (apart from the old - "why not" reason). So, if not for the licensing issue which debian has always held close to, why would anyone pick this over OpenBSD?

Whats in it for me?

[jasno]

I run a home gateway box with SSH, IMAP, and Apache on open ports. I check for updates daily, and no one else has an account on my box.

Is there any compelling reason for someone like me(and most /. users) to use something like this? Can someone sum up the benefits?

I'm not downplaying the importance of this kind of project. I can see its usefulness in a corporate environment. I'm just wondering if there's anything I'm forgetting on my current machine, and if this is a good way to address those problems.

Binary sandboxing instead of safe languages?

I know this is not an answer to many problems, but I wonder, why there is no biger efford put into binary sandboxing. I would LOVE to limit rights of sub-processes. Possible solution would be a user (group) submask. To explain what I mean:

Suppose you are an ordinary user with 32 bit UID
00 00 00 A7 and mask FF 00 00 00, given by the administrator. This mean you can acces all files (and resources) to which you can "chameleonise" UID to xx 00 00 A7

You can also run a subproces, say, x1 00 00 A7 with rights further restricted. This mean that the parent process will have the acces to all result of the child, but not vice-versa. Now you can run a network browser, email program, downloaded binary-only spyware etc. in their own sandboxes with access to particular resources only (say a directory with ownership 01 00 00 A7). They would not mess-up anything else... You would be able to limit network access etc.

Roman Kantor

PS: The beauty of this hack is that it can work with standard POSIX filesystems, you need to add masks only to processes. I am not sure how difficult would be to hack the linux kernel, but it should be relatively straightforward.

Re:speed?

[evilviper]

Don't all these "overflow checkers" kill the speed of C(++) apps?

No. OpenBSD 3.3 has 4 different forms of buffer/memory/stack protection, and Theo says that, not only is there NOT a slowdown, but on a couple architectures, it actually speeds things up!

It seems that the Debian organization's main purpose is to emulate OpenBSD... They are dedicated to maintaining older, stable versions of software, they use NetBSD as the core of their Debian BSD distro, and now they almost directly copy OpenBSD's recent security efforts.

Not that there is anything wrong with that. I just find it very interesting.

Why not roll this into Debian?

[FattMattP]

If all of this stuff is so good and improves security, why isn't it rolled into the main Debian distribution?

Re:trusted according to WHO?

[bolthole]

Trusted according to some B2 level security criteria? Microsoft just got some kind of certification similar to that.

Microsoft got C2 certification for a specific NT configuration a while back, and only when NOT CONNECTED TO A NETWORK!!

'C' levels are nowhere close to 'B' levels.