Contributed by Dengue on from the daemons-you-can-trust dept.
After looking over the information at the TrustedBSD project site, I see nothing there about a source code audit...
I won't deny the usefulness of ACLs, etc., but how secure can your system be if it is susceptible to buffer overflows and race conditions? Here's another question: at what point (i.e., lines of code, number of programmers, levels of complexity) does a project become effectively un-auditable?
I can think of a number of projects, mostly Microsoft ones, whose gargantuan size prohibits any effective level of auditing, but what about open source projects? When does it get out of control?
By azure () on
What is the purpose of this?
By Anonymous Coward () on
actually implemented capabilities like IRIX already has, and FreeBSD is working on. It is not very complex; on the TrustedBSD web site they have the patches that include capability patches to FreeBSD
By Janne Johansson () jj@dynarc.se on mailto:jj@dynarc.se
setuid admin tools to exploit, the multimedia binaries that follow symlinks to anywhere, and the graphical filesystem browser that makes little girls go: "I know this, it's a Unix system".
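The submitter asks how much ACLs help on a system that still has race conditions, and the comment above names the symlink-following binaries that make those races exploitable. The following is an added example, not code from this thread or from the TrustedBSD project, showing the classic check-then-use race on a file path beside a hardened version that refuses symlinks at open time and verifies the opened descriptor. The attacker's move is simulated deterministically inside the writer so the race is visible without timing; the file and function names, the temp directory layout and the "victim" file are all constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed scenario (not from the thread): a privileged tool drops a
 * status file into a directory other users can write to. The attacker's
 * move is modelled explicitly so the race is deterministic. */
static int attacker_plant_symlink(const char *path, const char *target)
{
    unlink(path);                       /* attacker controls the directory */
    return symlink(target, path);       /* path now points at the target */
}

/* Vulnerable check-then-use: lstat() says "fine", then open() by path.
 * Whatever the path names when open() runs is what gets written, and a
 * plain open() follows symlinks. */
int vulnerable_write(const char *path, const char *data, const char *attacker_target)
{
    struct stat st;
    if (lstat(path, &st) == 0 && !S_ISREG(st.st_mode))
        return -1;                      /* check passes: absent or a regular file */
    if (attacker_target && attacker_plant_symlink(path, attacker_target) != 0)
        return -1;                      /* the race window: attacker wins here */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);  /* follows the symlink */
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Hardened: no separate check. open() itself refuses to follow a symlink
 * (O_NOFOLLOW) and the properties we care about are verified on the open
 * descriptor with fstat(), which cannot be swapped out from under us. */
int hardened_write(const char *path, const char *data, const char *attacker_target)
{
    if (attacker_target && attacker_plant_symlink(path, attacker_target) != 0)
        return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                      /* ELOOP (Linux) / EMLINK (FreeBSD): symlink planted */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);                      /* hard link or someone else's file: refuse */
        return -1;
    }
    if (ftruncate(fd, 0) != 0) { close(fd); return -1; }
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

static int write_file(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(data, f);
    return fclose(f);
}

static int file_equals(const char *path, const char *expected)
{
    char buf[64] = {0};
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return strcmp(buf, expected) == 0;
}

/* Runs both writers against a constructed victim file in a fresh temp
 * directory. Returns 1 when the vulnerable writer clobbered the victim
 * and the hardened writer refused, 0 otherwise. */
int demo_symlink_race(void)
{
    char dir[] = "/tmp/toctou.XXXXXX";
    if (!mkdtemp(dir))
        return 0;
    char victim[256], status[256];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(status, sizeof status, "%s/status", dir);

    write_file(victim, "original");
    int vuln_rc = vulnerable_write(status, "pwned", victim);
    int clobbered = file_equals(victim, "pwned");   /* written through the symlink */

    unlink(status);
    write_file(victim, "original");
    int hard_rc = hardened_write(status, "pwned", victim);
    int intact = file_equals(victim, "original");   /* open() refused the symlink */

    unlink(status); unlink(victim); rmdir(dir);
    return vuln_rc == 0 && clobbered && hard_rc == -1 && intact;
}

int main(void)
{
    printf("vulnerable writer clobbered victim, hardened writer refused: %s\n",
           demo_symlink_race() ? "yes" : "no");
    return 0;
}
```

The point is the one the submitter raises: an ACL on the victim file does nothing here, because the write is performed by a process that is allowed to write it. The fix is structural, not a permission bit: never decide on a path and act on it later, decide on the descriptor you actually hold.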
By bengt@softwell.se () on
Previously IRIX capabilities were nothing like 'real' (Computer Science) capabilities. Have they improved?
For a simple intro to capabilities, see:
http://www.eros-os.org/essays/capintro.html
By Joey Maier () maierj@earthlink.net on mailto:maierj@earthlink.net
http://sigmasoft.com/~openbsd/archive/openbsd-misc/199806/msg00141.html
Unless he's changed his mind, I doubt that the freebsd stuff will be used.
By John Ruschmeyer () jruschme@freewwweb.com on mailto:jruschme@freewwweb.com
One thing to remember is that OpenBSD is using a somewhat different definition of "secure" than TrustedBSD is. Specifically, the OpenBSD idea of security looks to deny system compromises by locking down any possible exploitable holes. Within the box, however, any programs and data are only secure within the limits of the standard Unix file permissions. This is a sufficient definition of security for, say, a corporate mail or web server.
As I understand it, the TrustedBSD project is focusing on the higher levels of security and compartmentalization required to allow the processing of classified information. (For those who know the Orange Book, I believe we're talking C2 vs. B1.)
The choice of FreeBSD as the basis for a "secure" operating system does seem a bit odd. I can only surmise that this choice was made for one of a couple of reasons:
1) Familiarity with FreeBSD by the TrustedBSD designers.
2) An outside factor such as a paying client.
My guess is that it is a little of both. (Follow the money chain and I suspect you find a DoD contract somewhere.)
Given, however, the cross-fertilization of the various BSDs, I wouldn't be surprised to see TrustedBSD extensions find their way into both OpenBSD and NetBSD... should a desire and need arise.
By Jim () on
Warner Losh is the security officer for FreeBSD, as shown at http://www.freebsd.org/handbook/staff-who.html. But in this posting here http://www.sigmasoft.com/~openbsd/archive/openbsd-misc/199806/msg00157.html he says "...after all, I'm sold on running it (OpenBSD) on my MIPS box..."
Does anyone know what happened? Was Warner an OpenBSD user who became a FreeBSD staff member? Now, don't anyone get me wrong, I love FreeBSD and OpenBSD both, and I use them both. And I would see nothing wrong with him becoming a FreeBSD staff member. I am just wondering what may have prompted the change.
By Anonymous Coward () on
On a side note: what I'd really like in OpenBSD is FreeBSD's jail() functionality. That together with these POSIX security extensions would make OpenBSD a security über hammer :-)