From owner-freebsd-questions@FreeBSD.ORG Sat Feb 22 05:38:18 2014
Subject: Idea to make package vulnerabilities not matter, along with third party software
From: Jeremiah
Date: Fri, 21 Feb 2014 23:36:11 -0600
To: questions@freebsd.org
Message-Id: <7934675E-6EAB-406A-90C4-61CDF901594F@yahoo.com>
List-Id: User questions

The basics behind the idea are simple. I was going to tell OpenBSD, but they seem arrogant about security, whereas you all are honest...

You can control your OS, but you can't control vulnerabilities in third party packages or software, and you end up patching it all for them - or can you simply make it not matter?

Actually, you can. Most viruses require some form of vulnerability (also hacking) to spread. The objective then for the operating system is to catch those things in action and throw an error...

For example, consider buffer overflows. What do they all have in common? Some other process or dynamic library is accessing the memory spaces of processes it shouldn't access. So all you need to do to limit most viruses is to run with that idea... It's access control, only on processes instead of the user.
As examples of what you can do with program access control:

- prevents memory problem vulnerabilities by maintaining a mapping of what process creates and allocates, and so 'owns' segments of RAM, heaps, pointers, etc. All those vulnerabilities gone with just that one thing.
- you can validate data being passed into methods, for example making sure they are the right data type and size
- you can protect files to a whitelist open function, where only certain apps have access. This gets easy by using a config file, which cannot be accessed by anything except the OS, and further it can only be modified by a GUI editor, not through a script, program, or command... (The next one ties in.) By doing this you eliminate payloads of most malware
- you can do the same access control as files with processes accessing the Internet. Back doors by themselves do not have a payload, but if you all do this right, a new firewall protecting processes instead of ports with a whitelist/blacklist is a much better firewall anyway.
- you know by your packages already what files, directories, and sites they need access to. So there you have a big edge in that you can automatically set these last two things up for the user.
- the above stops the majority, but more needs to be done
- viruses spread. Memory residency doesn't matter if it can't attach to anything, which we may have already solved above. To know if a virus has infected a package, if that package changed since its last install/update that is a dead give-away. You could also checksum it before it runs and compare with either a local file or your server.
- most viruses steal information. By default any program or executable (unless it was compiled by the user - but that doesn't mean you can't ac the file name as an exe, etc).
So by default anything you don't know in packages or ports has no file or network access, and further if it can't execute something except a GUI, the user will be pretty suspicious. That will mitigate the vast majority of risks.
- for hacking, a similar method can be employed. Basically what you have to do is you should know the socket, program, or is does something unique to make a socket blow up into a root shell; for example. So what you do is if you can just catch that event(s), you've stopped hacking almost completely. But it's going to take a lot of memory and sys analysis...
- now all that is left is what to do about applications that should have access to a file, but shouldn't be transmitting any of that data. That's the tough one, but I'll leave it to you to see what you can come up with.

I had these ideas ever since 2005. I was going to do it on Linux at first; but honestly that platform is a free for all and bad is more suitable. I thought you all should be the ones...

If it works well, patent immediately. If not, maybe it needs a little refinement. I haven't tested any of it, but the theory should hold.

If you need me to provide more information or explain further just let me know. I need a secure OS at least, would be nice if you folks could do this.

Later, man.

- Jeremiah
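One of the concrete suggestions in the message is the checksum one: record what a package's files looked like at install time, and treat any change since then as a "dead give-away". The script below is an added example written for this page, not code from the email's author or from the FreeBSD project. It builds a SHA-256 manifest of a directory tree, then verifies the tree against that manifest and reports the three kinds of drift a defender wants separated: modified files, missing files, and files that appeared without being in the manifest. The function names (`build_manifest`, `verify_manifest`, `demo`) and the fake package laid out in a temporary directory are all constructed for the example.

```python
"""Added example: install-time file manifest with later integrity verification.

Illustrates the "checksum it before it runs and compare with a local file"
idea from the email. Not FreeBSD code; names and sample files are constructed.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of one file, read in chunks so large binaries are handled."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its digest.

    In a real deployment this is produced at install time and stored where the
    package's own files cannot write to it; otherwise tampering with the file
    and the manifest together would go unnoticed.
    """
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the tree on disk against a trusted manifest.

    modified: present in both but content differs
    missing:  in the manifest but no longer on disk
    added:    on disk but never recorded (a dropped-in file)
    """
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    added = sorted(p for p in current if p not in manifest)
    return {
        "modified": modified,
        "missing": missing,
        "added": added,
        "clean": not (modified or missing or added),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a fake package, then simulate one
    tampered file, one deleted file and one file added after install."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        # Constructed sample contents; not real binaries or configs.
        (root / "bin" / "tool").write_bytes(b"\x7fELF-constructed-binary-v1")
        (root / "etc" / "tool.conf").write_text("listen = 127.0.0.1\n")
        (root / "README").write_text("constructed package\n")

        trusted = build_manifest(root)          # taken at "install time"
        before = verify_manifest(root, trusted)  # expected clean

        # Simulated post-install drift.
        (root / "bin" / "tool").write_bytes(b"\x7fELF-constructed-binary-v1-patched")
        (root / "README").unlink()
        (root / "bin" / "extra").write_text("not part of the package\n")

        after = verify_manifest(root, trusted)
        return {"before": before, "after": after}


if __name__ == "__main__":
    result = demo()
    print("before tampering:", result["before"])
    print("after tampering: ", result["after"])
```

Two practical points follow from the code rather than from the email. First, the manifest is only as trustworthy as its storage: keep it on read-only media, under a different owner, or signed by a key the package cannot reach, or a modification that rewrites both file and manifest passes the check. Second, this detects changes to files on disk; it says nothing about a process whose memory was altered after loading, which is the separate problem the email raises under memory ownership. On FreeBSD itself, `pkg check -s` performs a comparable checksum verification of installed package files against the package database, and `mtree(8)` specifications serve the same purpose for arbitrary directory trees.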