OpenBSD Journal

A great compliment from some debian folks

Contributed by jose on from the examples dept.

Han writes:
"OpenBSD is hailed as a reference point and a source of inspiration in this article.

http://www.trusteddebian.org/motivation.html

They even want to threaten the openbsd-project ;-)"

It appears that one of the things that OpenBSD does best is lead by example, showing that attention to detail and careful thought in the design and development phases can make a real difference. Let's see if they can effectively improve all of the projects they integrate with.

(Comments are closed)


Comments
  1. By Anonymous Coward () on

    The most important point however is that the OpenBSD people are still laughing at Linux. We can't let that happen, can we??? Right, we can't! So join the Trusted Debian project, so we can scare the OpenBSD people. :-) :-)

    Very... professional?

    Comments
    1. By W () on

      I don't like GNU/Linux much, but I can certainly see the ironi in that statement, and I have no problems with it.

    2. By Peter Busser () peter@trusteddebian.org on www.trusteddebian.org

      Hi!

      It's nice to see some OpenBSD people taking it so... seriously.

      BTW, it's not ironi but irony (for those of you who seem to have difficulty finding it in the dictionary).

      Groetjes,
      Peter Busser (who now ducks for cover :-)

      Comments
      1. By W () on

        BTW, it's not ironi but irony (for those of you who seem to have difficulty finding it in the dictionary).

        I actually know that, but when 'ironi' is the Norwegian (my first language) word for the English 'irony', it's easy to make that mistake once in a while.

        Hey, I'm on your side here (kinda)! ;-)

      2. By zil0g () on

        hahaha, Linux

        =)

  2. By RC () on

    Of course, threats are the most since form of admiration...

  3. By Anonymous Coward () on

    two secure systems

    one suppoting smp and secure access controls

    one that only just got non-exec stack support(for a secure os this should have been much earlier)

    i know which i choose

    the better one :)

    Comments
    1. By Peter Busser () peter@trusteddebian.org on www.trusteddebian.org

      Hi!

      I agree that Linux should have had things like the PaX patch into the kernel much earlier. However, you are mistaken in that it only provides a non-executable stack. It does more than that in fact (see http://pageexec.virtualave.net/docs/). The guy who wrote this patch would like to hear about shortcomings in his design, maybe you can convince him that the OpenBSD approach is better than his.

      The secure access control framework is already available in the form of RSBAC (http://www.rsbac.org/). The work on RSBAC started in 1996, which makes it roughly as old as OpenBSD and it implements several formal security models. It is also portable, so you can easily port it to OpenBSD if you like it. The RSBAC patch will be included in version 1.0, which is expected to be released in about one month from now.

      I had hoped to see some comments on Trusted Debian based on technical facts. After all if you are using OpenBSD, you must clearly be a security expert. So I'm a bit disappointed about the quality of the comments here. This isn't slashdot, is it?

      Groetjes,
      Peter Busser

      Comments
      1. By Peter Hessler () spambox@theapt.org on http://www.sfobug.org

        I use OpenBSD. I am *not* a securty expert, computer expert, freak, etc, etc.

        I was unhappy with how many holes Windows/Mac/Linux had, and I didn't like the "feel" of any of those OSs. I tried BSD, and I liked it instictivly. The way they develop, the way the system is laid out, the way you upgrade.

        OpenBSD != difficult, but it lets you do difficult things.

        Comments
        1. By Anonymous Coward () on

          I got into OpenBSD because I am _not_ a security freak. With the default install, some patches and dexterity with pf.conf I can make a pretty tight edge machine.

          Hats off to any group wanting to make things more secure, but I think it may be a tough sell to move a distro forward by planning to look behind.

          Okay, so I'm getting freakier...

      2. By Henning () henning@openbsd.org on mailto:henning@openbsd.org

        well, RSBAC suffers from the same problem systrace does... both don't workfor a simple reason: nobody gets the policies right. that is unfortunate, but the truth... not even the systrace policy found in some famous sytrace policy repository is right. if you don't even get the one for such a simpe program like cat right, how should it ever work for complex daemons like apache, bind, sendmail?

        for the non-exec stack ... well, that is just a security measure of many in OpenBSD, I would not call it the most important one. The most important one is correct code. If I see the pure size of the linux kernel code, and see how it's written, I pretty much doubt this can ever be done right... and that is only the _kernel_.

        But good luck... the linux people can cetrainly use a bit more security.

        Comments
        1. By Anonymous Coward () on

          have you used rsbac? some of the models are not difficult at all and easlypreent suiding to root, writing to files etc, ff and auth models respectivly.

      3. By Anonymous Coward () on

        Actually, once trusteddebian matures, I would much prefer it over openbsd.

        OpenBSD's policy is to write quality code, which is noble, but they still have many bugs(just not in the default install of course).

        With something like trusteddebian, I get granular access controls so as if something is exploited, no damage can be done.

        Alternativly I get all the benifits linuxhas over OpenBSD, eg SMP and a FRAMEBUFFER :P

        Comments
        1. By Peter Hessler () spambox@theapt.org on http://www.theapt.org

          There are rumors that DRI is comming to OpenBSD. Portions require X4.3, so that is the reason for the delay. Is that what you mean by framebuffer?

          SMP is difficult to do properly. I would rather *not* have SMP, than SMP done poorly.

          Hell, the FreeBSD project delayed 5.0 by a full year, just so they could stabilize SMPng. It's still not done.

          Proper code over `flashy lights`, and `advertising features`. My current bottleneck? IDE. SMP will get me about 5-10%, and it's not worth it, for the money. I run OpenBSD as my main system, not for some silly religous belief, but because I feel it is the best system for me.

        2. By RC () on

          Granular access controls? So then what is systrace?

          I hate hearing about ACLs. They have become the holy grail, when, in fact, current methods are actually better.

          Systrace works, privlidge seperation has always worked great, droping privlidges works quite well... And there are a few other ways I've come up with to secure systems as well... And before anyone asks; No. I'm not going to tell you what they are.

          Comments
          1. By Anonymous Coward () on

            if your not going to mention what they are, why bother mentioning you have them?>?

            anyway

            i think the models rsbac offers are exceptional, much better than systrace

            maybe not needed for one server, but what about a multiuser machine?

            acl's are extremly useful imo, and if openbsd wants to be leader in secure operating systems, it needs something likethis, or at least lids equivilnt.

            Comments
            1. By henning () henning@openbsd.org on mailto:henning@openbsd.org

              History has shown that offloading the security stuff to users ("write policies/ACLs/...) does not work.
              That is what makes RSBAC unusable in real world, and that is what systrace suffers from.
              A few people with great understanding of teh system benefit from them. >99% do not and will never.
              On the other hand, all users benefit from our correct code, from privilege dropping daemons, etc.

              Comments
              1. By Anonymous Coward () on

                I have to disagree with you on this.

                Even if the users don't utilize the ACL, the administrator still can.

                Aside, the other models in rsbac are mighty useful, and ensure that if a server is compromised, that next to no damage can be done, at the most appending a file.

                In comparison, if something is compromised on openbsd(not using systrace), then whole access to the system is granted.

                Which is especially dangerous as the OpenBSD chroot can be broken out of.

  4. By Anonymous Coward () on

    This is not the first time Debian folks drooled over BSD. AFAIK, they tried all BSDs to roll out their own "GNU"/*BSD and failed miserably. This time, only they want to imitate features instead of rolling out their own. Well, I say, good luck.

    Comments
    1. By Anonymous Coward () on

      its openbsd that should be imitating rsbac

  5. By Jik () on

    Don't tell me smp machines are rare these days......well, i'd just shut up if someone tell me opnebsd runs just on archaic hardware.

  6. By Jik () on

    Don't tell me smp machines are rare these days......well, i'd just shut up if someone tell me opnebsd runs just on archaic hardware.

    Comments
    1. By Anonymous Coward () on

      How much does Intel's new "Hyper-Threading" on their newer processors make a system with a single processor appear to be SMP? Is SMP support necessary to fully support those processors?

      Comments
      1. By Mem () on

        FB has already implemented HT support as of version 4.8ĄŁ

  7. By Anonymous Coward () on

    Whatever. I can't wait to see the Linux people do something right. This is going to be a total disaster.

  8. By Anonymous Coward () on

    YAD (Yet Another Distro) of the week in the linux world. I certainly appreciate the nod to OpenBSD [which is why the story was linked at all] but discussions regarding YAD's approach to security and its differences from OpenBSD are hardly worth wasting time on here.

    OWL(www.openwall.com), Trustix, Bastille? now... TrustedDebian? Goddamnit - if GNU is all about collaboration, rather than the sterotypical BSD arrogance Linux-zealots always falsely rail against then why is there so little cooperation?

    WRT to the RSBAC & Systrace arguments, Henning nailed it. And it's a huge fucking shame too, especially in the systrace case. Here we have a facility, which was groundbreaking for its ease of use & BSDness that could really help out (just load up policies in /etc/systrace) and it's completely died on the vine. Unfortunately there seem to be politics behind this.

    Without auditted policies from people who know what they hell they're doing - you might as well run systrace -A and say permit to everything.

    OpenBSD has developers who know what the hell they are doing, and could help here (Henning being one of them). Unfortunately with niels & theo at odds, I think there might not be much incentive in anyone's camp to have systrace live up to its potential.

    For the users... well if you're savvy, ymmv.

    Anyway, I would rather dwell on systrace discussions than the goal for YAD Linux, yes thanks for the compliments - knock yourselves out.

    Comments
    1. By Anonymous Coward () on

      why do you think bsd is better?

      neiter is better

      sure, linux has crappy distros every few months

      but no one takes much notice, its thecore distros that survive

      btw, if you had read the story, trustedbsd is a patch, not a disro.

      Comments
      1. By LARThed () on

        Everything expressed is my opinion, I am not going to trapse about trying to be politically correct for the something as trivial as software.

        (Open)BSD is 'better' because of:

        A. Implmentation quality.
        B. License. (Which does not necessitate repetition of efforts as GPL or other less-free licenses do)
        C. (insert advocacy arguments here)

        Some people would say, that in the grand scheme of things, "better" doesn't really apply to much do to subjectivist crap. I kind of take it that's what you mean when you state "nieter [sic] is better." Well, especially subjectively then - I think that OpenBSD -is- better.

        Linux has crappy distros, and quite frankly some of the core distros (like, Redhat, & Mandrake) are absolutely horrid, bloated, disgusting.

        I did read the "story" and miniscule semantic issues such as terming it a patch rather than a distro (Bastille is also essentially just a series of scripts and patches). To quote: "to create a secure Linux distribution and make it available to everyone" Is that just a patch, or effectively -another- fucking linux distro?

        And: "In the future I would very much like to see that this project serves no purpose anymore, because some or all of its ideas ended up in other (more mainstream) distributions."

        Did -you- read the article? The above statement sure imply to me that this is yet another distro. My question is, why didn't the author cooperate with other projects (such as OpenWall or Trustix, or Bastille) which have a similar security mindset. You'll notice in the religious world that the same thing happens too, where someone proposes a slightly different idea, but rather than add it to the doctrine, they just start up their own faith; it's really dumb, and it's primarily only in faiths which are exclusionary (e.g. Judeo-Christian-Muslim faiths, as opposed to say, the relative scarcity of Taoist or Shintoist sects).

        However, my main point before, and now again is - why the hell do we need to discuss some Linux distro's choice paths, when the only reason the article was linked to was for a mention of OpenBSD as a good example to follow.

        Tip: if you have a good example to follow, and there's nothing stopping you from following it, just follow it, instead of wasting time creating your own path (whether the example is OpenBSD, or OpenWall). This discussion is heavily off topic now, so sorry for contributing to that further.

        Comments
        1. By Peter Busser () peter@trusteddebian.org on www.trusteddebian.org

          You are clearly missing the point.

          The whole point is that there are security patches out there which are produced by several projects. However, these patches are not being actively used by distribution makers. Except perhaps in some niche distributions (most of which have a commercial background, which is not bad, but it limits their scope). I don't think that it is right that mainstream Linux distribution users do not benefit from the effort people put in these security patches and programs.

          The Trusted Debian project IS cooperating with the PaX team and RSBAC author Amon Ott at this moment. And will cooperate with others in the future as well. So I don't know what you mean by excluding, but I have no idea what you are talking about. It seems to me that your judgements tells more about how you look at the world than about the Trusted Debian project.

          If you talk about cooperation, what is exactly your problem with OpenBSD people and Linux people discussing important issues such as security? Do you think you or other OpenBSD people have all the answers and you can't learn anything from other people?

          All in all I think that both OpenBSD people and Linux people can gain in technical discussions. However, most reactions here have more to do with ego than with technical issues.

          One thing I wonder is about the posting made by Henning. Why is it that systrace is not catching on? I have had a brief look at it yesterday and it looks interesting. Also I wonder why systems like systrace and RSBAC are useless in practice. I mean, only a limited number of people know how to program well. And yet millions of people use computers without knowing how to program. Why should security policies be any different?

          Groetjes,
          Peter Busser

          Comments
          1. By Henning () henning@openbsd.org on mailto:henning@openbsd.org

            For the "both linux and OpenBSD people can gain from technical/security discussions", I totally agrre with you. Keep inmind that many people posting here seem to be bored and need to fight out of that ;-)

            your proposal of a "systrace policies repository" looks promising at a first glance, but will not work if you look closer. it might work for the simple apps - for example, the policy for cat only missed the fstat for /etc/malloc.conf -, but will fail for most complex daemons. look, not even ping was right - it stopped working when the first resolver was unreachable. All policies which include uid lookups didn't take YP into account.
            And that's the dilemma. Take yp into acount - and now, on some systems, there's login_ldap - nonstandard. policy stops working.
            These are still simple cases. Think about apache. You might succeed in writing a policy for the base install with all htdocs in /var/www/htdocs. what about mod_userdir? someone will install php... some people will move the docroot, some people will run mod_perl. whith mod_perl and mod_php, the policies even would need to be adopted to what the php/perl scripts do.
            I doubt it is possible to reflect that in a generic rway. the policies _are_ custom for a given system, tho only a very small number of people can write them.
            On the other hand, your analogy to writing C code, the result, the binaries, aren't so custom - they are generally usable. and I just doubt you can reach the same with systrace policies - unfortunately. especially the privilege escalation in systrace is interesting... that would, for example, allow ping and traceroute to loose their setuidness...

  9. By Anonymous Coward () on

    While this distribution is based on Debian, it has nothing directly to do with the Debian project. For this reason, they have changed the name of their system to "Adamantix". As far as I know, these aren't "Debian folks" at all, so please direct flames to them, and not Debian.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]