Date: Thu, 11 Mar 1999 13:52:34 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
To: andrewr <andrewr@slack.net>
Cc: freebsd-security@FreeBSD.org, jbowie@slack.net
Subject: Re: disapointing security architecture
Message-ID: <Pine.BSF.3.96.990311134445.4815C-100000@fledge.watson.org>
In-Reply-To: <Pine.NEB.3.96.990311121039.6524A-100000@brooklyn.slack.net>
On Thu, 11 Mar 1999, andrewr wrote:

> I'm hoping that this thread will end soon and perhaps be brought to another
> context. On and off for a while people would say something about FreeBSD's
> security or lack thereof (whatever your opinion may be). A while back I
> spoke with Jordan through email about doing an all-out audit and/or a
> complete redesign of its "security architecture." The solution was, again:
> if you have people that are interested, set up a mailing list and see if
> you can get things started. I, unfortunately, failed on getting the
> mailing list up due to lack of resources at the time.
>
> So, I do extend this offer: if you are interested in doing an audit or
> delving into the security implementations that FreeBSD has/does not have,
> please email me and I will attempt to get a mailing list set up. I know
> this is, I think, the third time (including my single attempt) to get an
> active group together to do this. My role is just to hold a mailing list
> forum for this and not much more. I know of a few people already that do
> personal kernel modifications for increased security measures; I encourage
> you to participate.

Andrew,

This is an area of great interest to me. In the effort to help in a redesign, both inside and out of the context of a traditional UNIX security architecture, I am putting time into a POSIX.1e implementation that will provide auditing (not code auditing as you describe, but event auditing), capabilities, ACLs, and possibly eventually MACs, although I have received an email indicating that someone else's implementation of MAC is almost complete at this point. This all fits into the generally UNIX-esque security approach. You can subscribe to our POSIX.1e discussion list by sending email to posix1e-request@cyrus.watson.org. It is a fairly low-volume list, but discussion is always welcome.
On a less unixy note, last year I assembled a token-based security model for authentication and authorization; an early version is available for download off my FreeBSD hardening page. It tries to provide a context for a more comprehensive model where tokens represent capabilities, local identities (such as traditional uids), and distributed system identities (such as Kerberos tokens or certificates). A token daemon exists and allows token exchange based on a policy (that version never went up for download but does actually work), and tokens may be transferred in the style of credentials or file descriptors in plain FreeBSD. I send-pr'd some patches last year to add support for lkms providing arbitrary-kernel-object-passing hooks via this feature. I don't think it was ever stuck in FreeBSD due to stylistic issues, and I haven't had time to fix that. This May I may take another blast at taking it beyond a proof-of-concept to a full working system.

Eivind has suggested a more complicated capabilities system that is in a somewhat similar vein: string-based capabilities specifying subsystems, etc. That behavior could be considered a subset of my token behavior, but the token code is fairly inefficient.

If you don't have the resources to set up an alternate-security-architecture mailing list, I'd be glad to host one. I think it's an interesting topic; some of the more radical solutions are unlikely to be incorporated into base BSD if only because it's hard to find effective and novel solutions that are truly a superset of the default UNIX model, and also compatible :-). I'm also aware of a number of projects relating to this (including one at TIS Labs/NAI under DARPA contract for imposing additional security restrictions on a base BSD model called 'wrappers').
Robert N Watson
robert@fledge.watson.org
http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
Safeport Network Services http://www.safeport.com/