Trusted Debian v1.0 Released

← Back to Stories (view on slashdot.org)

Posted by timothy on Monday April 21, 2003 @07:45AM from the trusty-too dept.

Peter Busser writes "The Trusted Debian project releases its first official release, v1.0. Its main focus is solving most (but unlikely all) buffer overflow problems. It features PaX, a kernel patch which does several things. It tries to keep code and data apart, it randomizes stack, code, heap and shared libraries, it does strict mprotect() checking and it also protects the kernel. Trusted Debian also uses the stack protector patch for GCC developed by Hiroaki Etoh at IBM, which adds overflow checks to C/C++ code. It also features FreeS/WAN and RSBAC, an extensive access control framework. More information is available from the website. There is also a demonstration available for the special capabilities of this release."

11 of 259 comments (clear)

Min score:

Reason:

Sort:

No Remote... by strateego · 2003-04-21 07:49 · Score: 5, Funny

No remote holes in three minutes will be the new slogan of the Secure Debian project.

This must be a new linux record. :P

--
Got Extra Money?
bad/evil marketing by debian by bolthole · 2003-04-21 07:52 · Score: 5, Interesting

The naming of this subproject is either poorly thought out, or just downright underhanded.

"Trusted Debian" is clearly targetted to compete with "Trusted Solaris" and "Trusted(?name right?) BSD". However, "Trusted Solaris" has been CERTIFIED to meet B2 level security criteria. There is no mention of any such certification, either performed, or in progress, on the project's home page. It is just a collection of security enhancements and tweaks that is "hoped" will merit the system being trusted, but I see no formal proof or audit of that.
Oh, come ON by Cthefuture · 2003-04-21 07:58 · Score: 5, Informative

This is added as a GCC option. (-fstack-protector or similar) All the CONTROL and power of C/C++ is still there. It's an optional feature for when you need it. I don't usually use C and/or C++ for the control though. It's all about performance.

--
The ratio of people to cake is too big
More out of date by Anonymous Coward · 2003-04-21 08:01 · Score: 5, Funny

Now it is more secure than Debain Stable and more out-of-date.
Trusted Gentoo by chrysalis · 2003-04-21 08:01 · Score: 5, Informative

Please note that Gentoo Linux also comes with a propolice enabled GCC and a PaX-enabled kernel.

It's up to you to use them or not.

--
{{.sig}}
Re:Eh? by ZenShadow · 2003-04-21 08:04 · Score: 5, Insightful

Two words: marketing buzzword.

--
-- sigs cause cancer.
Why is it... by flacco · 2003-04-21 08:05 · Score: 5, Funny

...that i never trust any product that has the word "trust" in it?

--
pr0n - keeping monitor glass spotless since 1981.
Why not OpenBSD? by unixbob · 2003-04-21 08:06 · Score: 5, Interesting

I'm not trolling here, but I can't see the benefit of this over OpenBSD.

Admittedly there are apps that run under Linux that don't run under OpenBSD (namely commercial apps) but in this case, I would expect that running those apps on this system would lose the "Trusted" lack of buffer overflow possiblities etc., which defeats the object of the distribution. And the lack of commerical certification for this product would bely using it for such a reason anyway.

A cursory glance over their website doesn't show me anything which would me want to choose this over OpenBSD. In fact given the maturity of the OpenBSD project, and the man hours that have gone in to that piece of work, that is likely to be my first port of call anyway.

I'm not trying to put down the trusted debian guys, I just fail to see the point of their work (apart from the old - "why not" reason). So, if not for the licensing issue which debian has always held close to, why would anyone pick this over OpenBSD?

--
The Romans didn't find algebra very challenging, because X was always 10
Re:trusted for what? by nemaispuke · 2003-04-21 08:09 · Score: 5, Informative

If you work for the Government on classified systems they prefer "Trusted" versions of operating systems (Trusted Solaris, AIX, IRIX, etc.) These operating systems are approved for TCSEC B level security (Common Criteria EAL4 and higher). All parts of the OS are tested for Mandatory Access Control, extended auditing and logging, and data protection. installing any of these on a home system is overkill (and in the case of the ones I just mentioned, expensive). But if you are processing Top Secret information and want full audit trails and complete trust, these are the operating systems that will deliver it. The only thing I do not see with Trusted Debian is the extended auditing and logging. The secure code base is nice, but if they intend to get into the Government with this, I think they have a long way to go.
Re:SE Linux by RamDyne · 2003-04-21 08:15 · Score: 5, Informative

No, it doesn't. It will include RSBAC in the near future, but the first step was this.
Re:Can someone explain this? by frodo+from+middle+ea · 2003-04-21 08:18 · Score: 5, Informative

Here you go, you "too lazy to read the article" newbie
it randomizes stack, code, heap and shared libraries
PaX randomizes the place a program is loaded into memory. Buffer overflow attacks depend on the exact location of memory locations. Attacks are much harder when that location varies every time a program is executed. Thus making it much harder for attackers to locate the exact locations they need for a succesful attack. Again, PaX is the first to implement this kind of protection. No other UNIX system uses this kind of protection against buffer overflows, except OpenBSD. But their implementation is more restricted. It will randomize only one aspect of the memory (which technical people call the stack) where PaX randomizes four aspects (stack, heap, libraries and the main executable) and their implementation uses 10 bits against 24 bits for PaX
it does strict mprotect() checking
it adds proper checking to how memory is being used, to prevent badly written programs from accidentally opening up certain kinds of security holes
it also protects the kernel.
Third, PaX tries to do its best to keep code and data separate. Many buffer overflow attacks try to write some data and then try to execute it, as if it were code. PaX tries to prevent this. Fourth, PaX enforces the same kind of protection to the core of the system, the Linux kernel itself. Again, this is unique to PaX, there is no other UNIX system which offers the same kind of protection of its kernel
Trusted Debian also uses the stack protector patch for GCC developed by Hiroaki Etoh at IBM, which adds overflow checks to C/C++ code.
The second product used by Trusted Debian to solve the buffer overflow problem is called the stack protector, formerly known as propolice. It is a modified GCC compiler written by Hiroaki Etoh at IBM and it adds a kind of ``booby-traps'' inside programs which are triggered when a buffer overflow occurs. The program is then terminated before the overflow can do any damage.
It also features FreeS/WAN and RSBAC, an extensive access control framework. Trusted Debian adds more than just these buffer overflow protection technology. Version v1.0 also ships with RSBAC, an extensive access control framework which will play an important role in future releases. And FreeS/WAN, which is able to encrypt all TCP/IP communication between two machines and can therefore be used for setting up VPNs or securing wireless LAN communication, among other things.

--
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".