OpenBSD Journal

TrustedBSD

Contributed by Dengue on from the daemons-you-can-trust dept.

Lawrence Teo writes "There's a new BSD project called TrustedBSD that aims to conform to the Orange Book's B1 evaluation criteria. It's based on FreeBSD. How will this affect OpenBSD?"

After looking over the information at the TrustedBSD project site, I see nothing there about a source code audit...
I won't deny the usefulness of ACLs, etc., but how secure can your system be if it is susceptible to buffer overflows and race conditions? Here's another question: at what point (i.e. lines of code, number of programmers, levels of complexity) does a project become effectively un-auditable? I can think of a number of projects, mostly Microsoft ones, whose gargantuan size prohibits any effective level of auditing, but what about open-source projects? When does it get out of control?


Comments
  1. By Boris () no on http://www.he.net

    Pretty confusing. After a BSD merger, a split that says it splits to reunite a bit later. My question is: why does TrustedBSD look like a new BSD OS, when it says it's only experimental extensions? Maybe after patching and patching the kernel, they'll find out they end up with a kernel that looks very much like their Open cousin.

    I wonder to whom the beastie is talking on his cellphone and what they're talking about. Maybe about his new cellphone.

  2. By azure () on

    What is the purpose of this?

  3. By Anonymous Coward () on

    Personally, I think it would be cool if OpenBSD actually implemented capabilities like IRIX already has, and FreeBSD is working on. It is not very complex; on the trusted web site they have the patches that include capability patches to FreeBSD.

    Comments
    1. By azure () on

      Which capabilities exactly?

      Comments
      1. By Janne Johansson () jj@dynarc.se on mailto:jj@dynarc.se

        Well, my guess would be the abundance of suid'd admin tools to exploit, the multimedia binaries that follow symlinks to anywhere, and the graphical filesystem browser that makes little girls go: "I know this, it's a unix system".

        Comments
        1. By azure () on

          I always knew there was something missing in OpenBSD -- But until now I wasn't sure what it was!

    2. By bengt@softwell.se () on

      Greetings,

      Previously IRIX capabilities were nothing like 'real' (Computer Science) capabilities. Have they improved?

      For a simple intro to capabilities, see:
      http://www.eros-os.org/essays/capintro.html

  4. By Anonymous Coward () on

    Well, if this is the FreeBSD version of going secure, at least it's still under the BSD license. So, _if_ there are any improvements they think of which we have completely missed, we should be able to incorporate them into OpenBSD with presumably as little difficulty (or ease) as adopting other FreeBSD ports and extensions.

  5. By John Ruschmeyer () jruschme@freewwweb.com on mailto:jruschme@freewwweb.com

    I'm not sure it means anything to OpenBSD, per se.

    One thing to remember is that OpenBSD is using a somewhat different definition of "secure" than TrustedBSD is. Specifically, the OpenBSD idea of security looks to deny system compromises by locking down any possible exploitable holes. Within the box, however, any programs and data are only secure within the limits of the standard Unix file permissions. This is a sufficient definition of security for, say, a corporate mail or web server.

    As I understand it, the TrustedBSD project is focusing on the higher levels of security and compartmentalization required to allow the processing of classified information. (For those who know the Orange Book, I believe we're talking C2 vs. B1.)

    The choice of FreeBSD as the basis for a "secure" operating system does seem a bit odd. I can only surmise that this choice was made for one of a couple of reasons:

    1) Familiarity with FreeBSD by the TrustedBSD designers.
    2) An outside factor such as a paying client.

    My guess is that it is a little of both. (Follow the money chain and I suspect you find a DoD contract somewhere.)

    Given, however, the cross-fertilization of the various BSDs, I wouldn't be surprised to see TrustedBSD extensions find their way into both Open and NetBSD... should a desire and need arise.
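The C2 vs. B1 distinction drawn in the comment above, as an added illustration that is not part of the original post or of either project's code: a toy model in which Unix-style discretionary permissions (DAC) let a file's owner copy secret data into a world-readable file, while a simplified Bell-LaPadula label policy (the mandatory access control that B1 requires) denies the same copy as a "write down". All users, labels, files and the policy functions are constructed for this example.

```python
# Added example: DAC (owner/mode bits) versus a simplified Bell-LaPadula MAC
# policy. Names, labels and files are constructed; not real OS code.
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}

@dataclass
class File:
    owner: str
    mode: int          # Unix permission bits, e.g. 0o640
    label: str         # MAC sensitivity label attached to the object
    data: str = ""

@dataclass
class Process:
    user: str
    clearance: str     # MAC sensitivity label of the subject

def dac_allows(p, f, want):
    """want is 'r' or 'w'; classic owner/other bits (group bits omitted)."""
    bit = {"r": 4, "w": 2}[want]
    shift = 6 if p.user == f.owner else 0
    return bool((f.mode >> shift) & bit)

def mac_allows(p, f, want):
    """Bell-LaPadula: no read up (simple security), no write down (*-property)."""
    s, o = LEVELS[p.clearance], LEVELS[f.label]
    return s >= o if want == "r" else s <= o

def copy(p, src, dst, policy):
    """Copy src into dst if the policy grants read on src and write on dst."""
    if policy(p, src, "r") and policy(p, dst, "w"):
        dst.data = src.data
        return True
    return False

def leak_demo(policy):
    """The file owner tries to copy SECRET contents into a world-readable file.
    Returns (copy succeeded?, contents of the public file afterwards)."""
    alice = Process(user="alice", clearance="SECRET")
    secret = File(owner="alice", mode=0o600, label="SECRET", data="plans")
    public = File(owner="alice", mode=0o644, label="UNCLASSIFIED")
    ok = copy(alice, secret, public, policy)
    return ok, public.data

if __name__ == "__main__":
    print("DAC:", leak_demo(dac_allows))   # owner may leak: (True, 'plans')
    print("MAC:", leak_demo(mac_allows))   # write down denied: (False, '')
```

Under DAC the owner's intent is the whole policy; under MAC the label on the data travels with it and the owner cannot declassify it by copying.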

  6. By Jim () on

    I have a question, that may not be one to ask, but I am nosy.

    Warner Losh is the security officer for FreeBSD, as shown at http://www.freebsd.org/handbook/staff-who.html. But in this posting here http://www.sigmasoft.com/~openbsd/archive/openbsd-misc/199806/msg00157.html he says "...after all, I'm sold on running it (OpenBSD) on my MIPS box..."

    Does anyone know what happened? Was Warner an OpenBSD user who became a FreeBSD staff member? Now, don't anyone get me wrong, I love FreeBSD and OpenBSD both, and I use them both. And I would see nothing wrong with him becoming a FreeBSD staff member. I am just wondering what may have prompted the change.

  7. By Anonymous Coward () on

    This project is more of a "security by design" based approach than OpenBSD's largely "security by implementation", so the discussion of the choice of operating system used is largely irrelevant especially considering the license the work is released under.
    On a side note: What I'd really like in OpenBSD is FreeBSD's jail() functionality. That together with these POSIX security extensions would make OpenBSD a security über hammer :-)
