From: Kevin Lyons
Date: Wed, 30 Jun 2004 07:52:22 -0500
To: Christian Weisgerber
Cc: freebsd-chat@freebsd.org
Subject: Re: "TrustedBSD" addons

Christian Weisgerber wrote:
> Kevin Lyons wrote:
>
>>Is this the right way to go?  We're adding more bloat while openbsd is
>>cleaning itself and reworking kernel memory allocation to make exploits
>
>                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>>near impossible.
>
> ^^^^^^^^^^^^^^^
>
> Er, what?

Er, read the following (from http://www.openbsd.org/security.html).  I
believe they've been doing the random malloc/mmap since 3.4.  Almost a
year ago.

1) "As we audit source code, we often invent new ways of solving
problems. Sometimes these ideas have been used before in some random
application written somewhere, but perhaps not taken to the degree that
we do.

     * strlcpy() and strlcat()
     * Memory protection purify
           o W^X
           o .rodata segment
           o Guard pages
           o Randomized malloc()
           o Randomized mmap()
           o atexit() and stdio protection
     * Privilege separation
     * Privilege revocation
     * Chroot jailing
     * New uids
     * ProPolice
     * ... and others
"

2) If that is not clear enough... from
http://www.eweek.com/article2/0,3959,1111894,00.asp

OpenBSD 3.3 adds page-level memory permissions (on SPARC, Alpha and
PA-RISC CPUs) that mark each memory page as either writable or
executable (but not both at once), to make it harder for an attacker to
write attack code into a memory location and execute it. Unfortunately,
this feature isn't provided on x86 or PowerPC chips yet, although it's
planned for the OpenBSD 3.4 release.

The OpenBSD project has made a decision against
trusted-operating-system-style mandatory access controls that place
kernel-enforced limits on what particular processes or users can do.
"People who use such things build systems which cannot be administered
later," said Theo de Raadt, OpenBSD project leader, in Calgary, Alberta.
"I am holding the fort against such complexity."

--
Kevin Lyons
OFD Engineering, 950 Threadneedle Suite 250, Houston Texas 77079
Phone: 281-679-9060, ext. 118, E-mail: kevin_lyons@ofdengineering.com
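The page-permission rule in the eWeek excerpt above (a page is writable or executable, never both at once), sketched as an added example that is not part of the original message and not OpenBSD's code. It uses only POSIX mmap()/mprotect(); the names wx_violation, wx_mprotect and wx_stage_page are hypothetical, and the policy here is applied in user space rather than by the kernel.

```c
/* Added example (not from the original message): W^X as a user-space policy. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: 1 if prot asks for write and execute together. */
int wx_violation(int prot) {
    return (prot & PROT_WRITE) && (prot & PROT_EXEC);
}

/* Hypothetical wrapper: refuse W+X before the request reaches the kernel,
 * so the rule holds even where the kernel itself does not enforce it. */
int wx_mprotect(void *addr, size_t len, int prot) {
    if (wx_violation(prot)) {
        errno = EACCES;
        return -1;
    }
    return mprotect(addr, len, prot);
}

/* Fill one page while it is writable, then trade write for execute.
 * The page is never writable and executable at once. Returns 0 on success. */
int wx_stage_page(const void *data, size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (len > page) {
        errno = EINVAL;
        return -1;
    }
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memcpy(p, data, len);
    int rc = wx_mprotect(p, page, PROT_READ | PROT_EXEC);
    int ok = (rc == 0 && memcmp(p, data, len) == 0); /* still readable */
    munmap(p, page);
    return ok ? 0 : -1;
}

int main(void) {
    const char sample[] = "constructed sample bytes"; /* constructed input */
    printf("W+X request refused: %d\n",
           wx_mprotect(NULL, 0, PROT_READ | PROT_WRITE | PROT_EXEC) == -1);
    printf("RW -> RX staging ok: %d\n", wx_stage_page(sample, sizeof sample) == 0);
    return 0;
}
```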