Contributed by jose on from the examples dept.
"OpenBSD is hailed as a reference point and a source of inspiration in this article. It appears that one of the things that OpenBSD does best is lead by example, showing that attention to detail and careful thought in the design and development phases can make a real difference. Let's see if they can effectively improve all of the projects they integrate with. http://www.trusteddebian.org/motivation.html
They even want to threaten the openbsd-project ;-)"
By Anonymous Coward () on
Very... professional?
Comments
By W () on
By Peter Busser () peter@trusteddebian.org on www.trusteddebian.org
It's nice to see some OpenBSD people taking it so... seriously.
BTW, it's not ironi but irony (for those of you who seem to have difficulty finding it in the dictionary).
Groetjes,
Peter Busser (who now ducks for cover :-)
Comments
By W () on
BTW, it's not ironi but irony (for those of you who seem to have difficulty finding it in the dictionary).
I actually know that, but when 'ironi' is the Norwegian (my first language) word for the English 'irony', it's easy to make that mistake once in a while.
Hey, I'm on your side here (kinda)! ;-)
By zil0g () on
=)
By RC () on
By Anonymous Coward () on
one supporting smp and secure access controls
one that only just got non-exec stack support (for a secure os this should have been much earlier)
i know which i choose
the better one :)
Comments
By Peter Busser () peter@trusteddebian.org on www.trusteddebian.org
I agree that Linux should have had things like the PaX patch into the kernel much earlier. However, you are mistaken in that it only provides a non-executable stack. It does more than that in fact (see http://pageexec.virtualave.net/docs/). The guy who wrote this patch would like to hear about shortcomings in his design, maybe you can convince him that the OpenBSD approach is better than his.
The secure access control framework is already available in the form of RSBAC (http://www.rsbac.org/). The work on RSBAC started in 1996, which makes it roughly as old as OpenBSD and it implements several formal security models. It is also portable, so you can easily port it to OpenBSD if you like it. The RSBAC patch will be included in version 1.0, which is expected to be released in about one month from now.
I had hoped to see some comments on Trusted Debian based on technical facts. After all if you are using OpenBSD, you must clearly be a security expert. So I'm a bit disappointed about the quality of the comments here. This isn't slashdot, is it?
Groetjes,
Peter Busser
Comments
By Peter Hessler () spambox@theapt.org on http://www.sfobug.org
I was unhappy with how many holes Windows/Mac/Linux had, and I didn't like the "feel" of any of those OSs. I tried BSD, and I liked it instinctively. The way they develop, the way the system is laid out, the way you upgrade.
OpenBSD != difficult, but it lets you do difficult things.
Comments
By Anonymous Coward () on
Hats off to any group wanting to make things more secure, but I think it may be a tough sell to move a distro forward by planning to look behind.
Okay, so I'm getting freakier...
By Henning () henning@openbsd.org on mailto:henning@openbsd.org
for the non-exec stack ... well, that is just a security measure of many in OpenBSD, I would not call it the most important one. The most important one is correct code. If I see the pure size of the linux kernel code, and see how it's written, I pretty much doubt this can ever be done right... and that is only the _kernel_.
But good luck... the linux people can certainly use a bit more security.
Comments
By Anonymous Coward () on
By Anonymous Coward () on
OpenBSD's policy is to write quality code, which is noble, but they still have many bugs (just not in the default install of course).
With something like trusteddebian, I get granular access controls so as if something is exploited, no damage can be done.
Alternatively I get all the benefits linux has over OpenBSD, eg SMP and a FRAMEBUFFER :P
Comments
By Peter Hessler () spambox@theapt.org on http://www.theapt.org
SMP is difficult to do properly. I would rather *not* have SMP, than SMP done poorly.
Hell, the FreeBSD project delayed 5.0 by a full year, just so they could stabilize SMPng. It's still not done.
Proper code over `flashy lights`, and `advertising features`. My current bottleneck? IDE. SMP will get me about 5-10%, and it's not worth it, for the money. I run OpenBSD as my main system, not for some silly religious belief, but because I feel it is the best system for me.
By RC () on
I hate hearing about ACLs. They have become the holy grail, when, in fact, current methods are actually better.
Systrace works, privilege separation has always worked great, dropping privileges works quite well... And there are a few other ways I've come up with to secure systems as well... And before anyone asks; No. I'm not going to tell you what they are.
Comments
By Anonymous Coward () on
anyway
i think the models rsbac offers are exceptional, much better than systrace
maybe not needed for one server, but what about a multiuser machine?
acl's are extremely useful imo, and if openbsd wants to be leader in secure operating systems, it needs something like this, or at least lids equivalent.
Comments
By henning () henning@openbsd.org on mailto:henning@openbsd.org
That is what makes RSBAC unusable in real world, and that is what systrace suffers from.
A few people with great understanding of the system benefit from them. >99% do not and will never.
On the other hand, all users benefit from our correct code, from privilege dropping daemons, etc.
Comments
By Anonymous Coward () on
Even if the users don't utilize the ACL, the administrator still can.
Aside, the other models in rsbac are mighty useful, and ensure that if a server is compromised, that next to no damage can be done, at the most appending a file.
In comparison, if something is compromised on openbsd (not using systrace), then whole access to the system is granted.
Which is especially dangerous as the OpenBSD chroot can be broken out of.
By Anonymous Coward () on
OWL (www.openwall.com), Trustix, Bastille? now... TrustedDebian? Goddamnit - if GNU is all about collaboration, rather than the stereotypical BSD arrogance Linux-zealots always falsely rail against then why is there so little cooperation?
WRT to the RSBAC & Systrace arguments, Henning nailed it. And it's a huge fucking shame too, especially in the systrace case. Here we have a facility, which was groundbreaking for its ease of use & BSDness that could really help out (just load up policies in /etc/systrace) and it's completely died on the vine. Unfortunately there seem to be politics behind this.
Without audited policies from people who know what the hell they're doing - you might as well run systrace -A and say permit to everything.
OpenBSD has developers who know what the hell they are doing, and could help here (Henning being one of them). Unfortunately with niels & theo at odds, I think there might not be much incentive in anyone's camp to have systrace live up to its potential.
For the users... well if you're savvy, ymmv.
Anyway, I would rather dwell on systrace discussions than the goal for YAD Linux, yes thanks for the compliments - knock yourselves out.
Comments
By Anonymous Coward () on
neiter is better
sure, linux has crappy distros every few months
but no one takes much notice, it's the core distros that survive
btw, if you had read the story, trustedbsd is a patch, not a distro.
Comments
By LARThed () on
(Open)BSD is 'better' because of:
A. Implementation quality.
B. License. (Which does not necessitate repetition of efforts as GPL or other less-free licenses do)
C. (insert advocacy arguments here)
Some people would say, that in the grand scheme of things, "better" doesn't really apply to much due to subjectivist crap. I kind of take it that's what you mean when you state "nieter [sic] is better." Well, especially subjectively then - I think that OpenBSD -is- better.
Linux has crappy distros, and quite frankly some of the core distros (like, Redhat, & Mandrake) are absolutely horrid, bloated, disgusting.
I did read the "story" and minuscule semantic issues such as terming it a patch rather than a distro (Bastille is also essentially just a series of scripts and patches). To quote: "to create a secure Linux distribution and make it available to everyone" Is that just a patch, or effectively -another- fucking linux distro?
And: "In the future I would very much like to see that this project serves no purpose anymore, because some or all of its ideas ended up in other (more mainstream) distributions."
Did -you- read the article? The above statement sure implies to me that this is yet another distro. My question is, why didn't the author cooperate with other projects (such as OpenWall or Trustix, or Bastille) which have a similar security mindset. You'll notice in the religious world that the same thing happens too, where someone proposes a slightly different idea, but rather than add it to the doctrine, they just start up their own faith; it's really dumb, and it's primarily only in faiths which are exclusionary (e.g. Judeo-Christian-Muslim faiths, as opposed to say, the relative scarcity of Taoist or Shintoist sects).
However, my main point before, and now again is - why the hell do we need to discuss some Linux distro's choice paths, when the only reason the article was linked to was for a mention of OpenBSD as a good example to follow.
Tip: if you have a good example to follow, and there's nothing stopping you from following it, just follow it, instead of wasting time creating your own path (whether the example is OpenBSD, or OpenWall). This discussion is heavily off topic now, so sorry for contributing to that further.
Comments
By Peter Busser () peter@trusteddebian.org on www.trusteddebian.org
The whole point is that there are security patches out there which are produced by several projects. However, these patches are not being actively used by distribution makers. Except perhaps in some niche distributions (most of which have a commercial background, which is not bad, but it limits their scope). I don't think that it is right that mainstream Linux distribution users do not benefit from the effort people put in these security patches and programs.
The Trusted Debian project IS cooperating with the PaX team and RSBAC author Amon Ott at this moment. And will cooperate with others in the future as well. So I don't know what you mean by excluding, but I have no idea what you are talking about. It seems to me that your judgements tell more about how you look at the world than about the Trusted Debian project.
If you talk about cooperation, what is exactly your problem with OpenBSD people and Linux people discussing important issues such as security? Do you think you or other OpenBSD people have all the answers and you can't learn anything from other people?
All in all I think that both OpenBSD people and Linux people can gain in technical discussions. However, most reactions here have more to do with ego than with technical issues.
One thing I wonder is about the posting made by Henning. Why is it that systrace is not catching on? I have had a brief look at it yesterday and it looks interesting. Also I wonder why systems like systrace and RSBAC are useless in practice. I mean, only a limited number of people know how to program well. And yet millions of people use computers without knowing how to program. Why should security policies be any different?
Groetjes,
Peter Busser
Comments
By Henning () henning@openbsd.org on mailto:henning@openbsd.org
your proposal of a "systrace policies repository" looks promising at a first glance, but will not work if you look closer. it might work for the simple apps - for example, the policy for cat only missed the fstat for /etc/malloc.conf -, but will fail for most complex daemons. look, not even ping was right - it stopped working when the first resolver was unreachable. All policies which include uid lookups didn't take YP into account.
And that's the dilemma. Take yp into account - and now, on some systems, there's login_ldap - nonstandard. policy stops working.
These are still simple cases. Think about apache. You might succeed in writing a policy for the base install with all htdocs in /var/www/htdocs. what about mod_userdir? someone will install php... some people will move the docroot, some people will run mod_perl. with mod_perl and mod_php, the policies even would need to be adapted to what the php/perl scripts do.
I doubt it is possible to reflect that in a generic way. the policies _are_ custom for a given system, tho only a very small number of people can write them.
On the other hand, your analogy to writing C code, the result, the binaries, aren't so custom - they are generally usable. and I just doubt you can reach the same with systrace policies - unfortunately. especially the privilege escalation in systrace is interesting... that would, for example, allow ping and traceroute to lose their setuidness...