Message-ID: <40E1B7A3.3040409@ofdengineering.com>
Date: Tue, 29 Jun 2004 13:40:35 -0500
From: Kevin Lyons
Cc: freebsd-chat@freebsd.org
In-Reply-To: <40E1B3B5.1020906@palisadesys.com>
Subject: Re: "TrustedBSD" addons

>> I can already see the security advisories for these things like we've
>> had for tcpwrapper, kerberos, heimdal, jail, openssl, etcetera ad
>> infinitum.
>
> How many of these were developed as part of BSD? One: jail.

Well, point being that more layers/lines of code added, the more
potential vulnerabilities. I don't think we can say the FreeBSD or
TrustedBSD developers are any more exploit immune than other folks.

>> Is this the right way to go? We're adding more bloat while openbsd is
>> cleaning itself and reworking kernel memory allocation to make
>> exploits near impossible.
>
> That's great work. Now, let's build on that so that the entire system
> is properly compartmentalized (i.e., MAC).

But they are not doing that, they are ONLY adding some new
functionality. Am I misinformed or has any vm work been done on the
level of openbsd 3.4, beyond perhaps propolice?

>> I dloaded 5.2 but haven't installed yet. I hope there is a way to
>> disable the MAC and other of these "trustedbsd features" that seem to
>> keep DARPA funded userland people busy.
>
> Is it so much harder to look a little more deeply at the system than to
> write a troll/rant?

Not ranting/trolling. Thanks for the info, that is good. As I said, I
have not installed/configured it yet. I have been noticing feaping
creaturism in freebsd as of late so I was simply concerned about it.

> Yes, MAC is a group of kernel compile options, and they are not shipped
> as part of the GENERIC kernel. From /sys/conf/NOTES:
>
> # Support for Mandatory Access Control (MAC):
> options MAC
> options MAC_BIBA
> options MAC_BSDEXTENDED
> options MAC_DEBUG
> options MAC_IFOFF
> options MAC_LOMAC
> options MAC_MLS
> options MAC_NONE
> options MAC_PARTITION
> options MAC_PORTACL
> options MAC_SEEOTHERUIDS
> options MAC_STUB
> options MAC_TEST
>
> Please take a look at the TrustedBSD implementation before ranting about
> "DARPA funded userland people". There are good reasons why these people
> were funded.

Hmmpf. Perhaps it is because there was some leftover when Theo lost his
money :).

> Guy

--
Kevin Lyons
OFD Engineering, 950 Threadneedle Suite 250, Houston Texas 77079
Phone: 281-679-9060, ext. 118, E-mail: kevin_lyons@ofdengineering.com