Will SuSE support stack smashing protection one day?
Hi there, I'm just playing a bit with IBM's SSP ( http://www.research.ibm.com/trl/projects/security/ssp/ ) and GCC 3.4.1. Since OpenBSD, Gentoo and others already ship with it, I wonder what do the SuSE security people think about SSP? Will SuSE support it in the future and if not, why? Is SSP really such an improvement as some say it is? regards Malte
On Tuesday 28 December 2004 10:03, Malte Gell wrote:
Hi there, I'm just playing a bit with IBM's SSP ( http://www.research.ibm.com/trl/projects/security/ssp/ ) and GCC 3.4.1. Since OpenBSD, Gentoo and others already ship with it, I wonder what do the SuSE security people think about SSP? Will SuSE support it in the future and if not, why? Is SSP really such an improvement as some say it is?
Will SUSE start to support it? I don't know. There are performance penalties involved with installing canary bytes before function calls and then checking them afterwards. I don't know what those penalties might be, but any performance sensitive application would certainly feel it. I wouldn't want such a thing on any Linux box I work with unless I have the option of turning it off when it gets in the way. Is SSP an improvement? Er, over what? Not having it there at all? Yes, but it's not a catch all system that will make all the buffer overflow vulnerabilities go away. That's the problem with these sorts of things: they tend to give a false sense of security. The SSP webpage says "Applications written in C will be protected by the method..." which just isn't true. It's not protected. Another hurdle is put in the path of an attacker, but these hurdles can be overcome: http://www.phrack.org/phrack/56/p56-0x05 Cluttering up code with these sorts of band-aid patches isn't the answer. The answer is to get the code right, or if that can't be guaranteed, to write the code in a language that isn't vulnerable to buffer overflows - i.e. something with security designed in, rather than bolted on.
On Tuesday 28 December 2004 05:00, Derek Fountain wrote:
Will SUSE start to support it? I don't know. There are performance penalties involved with installing canary bytes before function calls and then checking them afterwards.
I read somewhere at linuxfromscratch that these penalties are so small that they're virtually negligible even for performance critical apps.
... The answer is to get the code right, or if that can't be guaranteed, to write the code in a language that isn't vulnerable
Isn't this wishful thinking or unfeasible to a certain degree? I just thought if OpenBSD ships with SSP it must have noticeable advantages, otherwise they hadn't included it. Malte
On Tuesday 28 December 2004 01:11, Malte Gell wrote:
Isn't this wishful thinking or unfeasible to a certain degree? I just thought if OpenBSD ships with SSP it must have noticeable advantages, otherwise they hadn't included it.
It does, they can brag how secure it is over other OSs in a default state. Which is shit anyway, an OS should come with a more useable state than secure, and it should be up to the admin to secure it as needed. Which is why I don't like Open BSD. They have code audits, big deal so does SUSE, they ship it with everything turned off..... Big deal, you can do that with any Linux / BSD. It's shitty.
Malte
-- ----------------------------------------------- http://www.misfits.com Punk Rock, Opiates, and SUSE Linux. das Blut in den Adern erstarren lassen. Kuerbis der Zuhaelter
Hi Allen, Allen wrote:
It does, they can brag how secure it is over other OSs in a default state. Which is shit anyway, an OS should come with a more useable state than secure, and it should be up to the admin to secure it as needed. Which is why I don't like Open BSD. They have code audits, big deal so does SUSE, they ship it with everything turned off..... Big deal, you can do that with any Linux / BSD. It's shitty.
it's not shitty, it's clever. For most people it's an easier job to open up some potential holes in order to get something running than to close all of those potential holes in order to get secure. That's the same way every good firewall should work - drop by default and open up what you need. With your arguments - you can also make windows secure, somehow ;-). Besides that the OpenBSD-Team writes good (secure and functional) open source software that's quite often used under Linux, too. I'd not use OpenBSD on the desktop (besides old hardware), but I recommend to consider it for servers. Greetings, Ralf
On Tuesday 28 December 2004 10:29, Ralf Ronneburger wrote:
Hi Allen,
Allen wrote:
It does, they can brag how secure it is over other OSs in a default state. Which is shit anyway, an OS should come with a more useable state than secure, and it should be up to the admin to secure it as needed. Which is why I don't like Open BSD. They have code audits, big deal so does SUSE, they ship it with everything turned off..... Big deal, you can do that with any Linux / BSD. It's shitty.
it's not shitty, it's clever. For most people it's an easier job to open up some potential holes in order to get something running than to close all of those potential holes in order to get secure. That's the same way every good firewall should work - drop by default and open up what you need. With your arguments - you can also make windows secure, somehow ;-).
Except BSD isn't a firewall, it's an OS. If you couldn't make Windows secure, Hotmail would be hacksered as much as people try.
Besides that the OpenBSD-Team writes good (secure and functional) open source software that's quite often used under Linux, too. I'd not use OpenBSD on the desktop (besides old hardware), but I recommend to consider it for servers.
So how many have you actually set up using Open BSD? None? -- ----------------------------------------------- http://www.misfits.com Punk Rock, Opiates, and SUSE Linux. das Blut in den Adern erstarren lassen. Kuerbis der Zuhaelter
On Tuesday 28 December 2004 08:47, Allen wrote:
On Tuesday 28 December 2004 01:11, Malte Gell wrote:
Isn't this wishful thinking or unfeasible to a certain degree? I just thought if OpenBSD ships with SSP it must have noticeable advantages, otherwise they hadn't included it.
It does, they can brag how secure it is over other OSs in a default state. Which is shit anyway, an OS should come with a more useable state than secure, and it should be up to the admin to secure it as needed. Which is why I don't like Open BSD. They have code audits, big deal so does SUSE, they ship it with everything turned off..... Big deal, you can do that with any Linux / BSD. It's shitty.
What has turning on/off un/needed services to do with protection against buffer overflows? SSP offers protection against vulnerabilities that may not have been discovered yet and IMHO this is anything but shitty. It would be interesting to see how many attacks had been prevented if SSP were used more widely. Malte
On Wednesday 29 December 2004 16:41, Malte Gell wrote:
What has turning on/off un/needed services to do with protection against buffer overflows?
If the service isn't running it doesn't matter how many buffer overflows are found in the code - none are exploitable.
SSP offers protection against vulnerabilities that may not have been discovered yet and IMHO this is anything but shitty.
Er, a vulnerability that hasn't been discovered isn't a danger to anyone and doesn't need protecting against! I'm not sure what you mean to say here.
It would be interesting to see how many attacks had been prevented if SSP were used more widely.
Not that many I suspect. SSP is unlikely to make a vulnerability unexploitable, just harder to exploit. If I were penetration testing a machine I knew to be using SSP I'd just craft my exploit accordingly. Sometimes SSP/Stackguard/Stackshield/et al make it impossible to exploit a vulnerability, but that is far from guaranteed. More likely the attacker just needs to try harder. You appear to be under the impression that these sorts of tools offer genuine protection. They don't. They sometimes downgrade a code execution exploit into a denial of service (because the "protected" program will still crash when its buffer is overflowed), but in general they just force the attacker to work harder.
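The following is an added illustration, not code from the thread or from SSP itself: a simulated stack frame showing the behaviour discussed above, where a guard value between the buffer and the saved return address lets the function's exit check detect a linear overflow and abort instead of returning. The frame layout, sizes, constants and function names are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame: [ buffer | guard | saved return address ].
 * Names, sizes and constants are assumptions made for this example. */
enum {
    BUF_LEN    = 16,
    GUARD_OFF  = BUF_LEN,
    RET_OFF    = GUARD_OFF + 8,
    FRAME_SIZE = RET_OFF + 8
};

enum frame_status { FRAME_OK = 0, FRAME_SMASHED = 1 };

struct result {
    enum frame_status status; /* verdict of the exit check             */
    int ret_overwritten;      /* saved return slot no longer original  */
    int ret_used;             /* function "returned" through that slot */
};

/* Constructed values. A real implementation picks the guard at process
 * start; the constant here only stands in for that value. */
static const uint64_t GUARD_REF = 0x5eedc0de5eedc0deULL;
static const uint64_t SAVED_RET = 0x0000000000401000ULL;

struct result run_frame(const unsigned char *input, size_t n, int protect)
{
    unsigned char frame[FRAME_SIZE];
    struct result r = { FRAME_OK, 0, 0 };
    uint64_t guard_now, ret_now;

    /* Prologue: guard sits between the buffer and the return slot. */
    memset(frame, 0, sizeof frame);
    memcpy(frame + GUARD_OFF, &GUARD_REF, sizeof GUARD_REF);
    memcpy(frame + RET_OFF, &SAVED_RET, sizeof SAVED_RET);

    /* Body: the bug. The copy trusts n instead of BUF_LEN. It is clamped
     * to the simulated frame only so this demo stays memory-safe. */
    if (n > FRAME_SIZE)
        n = FRAME_SIZE;
    memcpy(frame, input, n);

    /* Epilogue: read back the guard and the return slot. */
    memcpy(&guard_now, frame + GUARD_OFF, sizeof guard_now);
    memcpy(&ret_now, frame + RET_OFF, sizeof ret_now);
    r.ret_overwritten = (ret_now != SAVED_RET);

    if (protect && guard_now != GUARD_REF) {
        /* A real stack protector terminates the process at this point:
         * the overwrite has already happened, but the corrupted return
         * slot is never used. The outcome is a crash, not a return. */
        r.status = FRAME_SMASHED;
        return r;
    }

    r.ret_used = 1; /* control leaves through whatever is in the slot */
    return r;
}

int main(void)
{
    unsigned char input[FRAME_SIZE];
    static const struct { const char *name; size_t n; int protect; } cases[] = {
        { "in-bounds copy, guard on ", 8,          1 },
        { "overflow, guard on       ", FRAME_SIZE, 1 },
        { "overflow, guard off      ", FRAME_SIZE, 0 },
    };
    size_t i;

    memset(input, 'A', sizeof input); /* constructed sample input */

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct result r = run_frame(input, cases[i].n, cases[i].protect);
        printf("%s: %s, return slot %s, %s\n", cases[i].name,
               r.status == FRAME_SMASHED ? "guard mismatch" : "guard intact/unchecked",
               r.ret_overwritten ? "overwritten" : "original",
               r.ret_used ? "function returns" : "process aborts");
    }
    return 0;
}
```
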
Derek, On Wednesday 29 December 2004 01:45, Derek Fountain wrote:
On Wednesday 29 December 2004 16:41, Malte Gell wrote: ...
SSP offers protection against vulnerabilities that may not have been discovered yet and IMHO this is anything but shitty.
Er, a vulnerability that hasn't been discovered isn't a danger to anyone and doesn't need protecting against! I'm not sure what you mean to say here.
That certainly does not follow. Black hats can discover vulnerabilities, and I doubt they'd report them to CERT or another risk tracking and reporting authority.
...
Randall Schulz
On Wednesday 29 December 2004 10:39, Randall R Schulz wrote:
Derek,
On Wednesday 29 December 2004 01:45, Derek Fountain wrote:
On Wednesday 29 December 2004 16:41, Malte Gell wrote: ...
SSP offers protection against vulnerabilities that may not have been discovered yet and IMHO this is anything but shitty.
Er, a vulnerability that hasn't been discovered isn't a danger to anyone and doesn't need protecting against! I'm not sure what you mean to say here.
That certainly does not follow. Black hats can discover vulnerabilities, and I doubt they'd report them to CERT or another risk tracking and reporting authority.
Actually a few do; After making the 0-days they need, and after they have what they want, they wait a while to have some fun, but then they do report it so they can say they found it to everyone.
...
Randall Schulz
-- ----------------------------------------------- http://www.misfits.com Punk Rock, Opiates, and SUSE Linux. das Blut in den Adern erstarren lassen. Kuerbis der Zuhaelter
On Wednesday 29 December 2004 23:39, Randall R Schulz wrote:
SSP offers protection against vulnerabilities that may not have been discovered yet and IMHO this is anything but shitty.
Er, a vulnerability that hasn't been discovered isn't a danger to anyone and doesn't need protecting against! I'm not sure what you mean to say here.
That certainly does not follow. Black hats can discover vulnerabilities, and I doubt they'd report them to CERT or another risk tracking and reporting authority.
Um, but when a blackhat discovers it it's no longer undiscovered! My point wasn't about the theoretical semantics of when a vulnerability actually becomes a danger (obvious answer: when someone finds it) but that I thought the OP was trying to raise a different point.
-----Original Message----- From: Allen [mailto:gorebofh@comcast.net] Sent: 28 December 2004 07:47 To: suse-security@suse.com Subject: Re: [suse-security] Will SuSE support stack smashing protection one day?
On Tuesday 28 December 2004 01:11, Malte Gell wrote:
Isn't this wishful thinking or unfeasible to a certain degree? I just thought if OpenBSD ships with SSP it must have noticeable advantages, otherwise they hadn't included it.
It does, they can brag how secure it is over other OSs in a default state. Which is shit anyway, an OS should come with a more useable state than secure, and it should be up to the admin to secure it as needed.
What, like with Windows? XP's great, the default user has admin privs, and doesn't even need a password to log on! Really easy for the user. Crap design, but easy. Tom. -- Tom Knight System Administration Officer Arts & Humanities Data Service Web: http://www.ahds.ac.uk Email: tom.knight@ahds.ac.uk
On Tuesday 04 January 2005 07:19, Tom Knight wrote:
-----Original Message----- From: Allen [mailto:gorebofh@comcast.net] Sent: 28 December 2004 07:47 To: suse-security@suse.com Subject: Re: [suse-security] Will SuSE support stack smashing protection one day?
On Tuesday 28 December 2004 01:11, Malte Gell wrote:
Isn't this wishful thinking or unfeasible to a certain degree? I just thought if OpenBSD ships with SSP it must have noticeable advantages, otherwise they hadn't included it.
It does, they can brag how secure it is over other OSs in a default state. Which is shit anyway, an OS should come with a more useable state than secure, and it should be up to the admin to secure it as needed.
What, like with Windows?
XP's great, the default user has admin privs, and doesn't even need a password to log on! Really easy for the user. Crap design, but easy.
You're on a SUSE list standing up for OpenBSD. If you like it so much tell them on their list.
Tom.
-- Tom Knight System Administration Officer Arts & Humanities Data Service Web: http://www.ahds.ac.uk Email: tom.knight@ahds.ac.uk
-- ----------------------------------------------- http://www.misfits.com Punk Rock, Opiates, and SUSE Linux. das Blut in den Adern erstarren lassen. Kuerbis der Zuhaelter
Isn't this wishful thinking or unfeasible to a certain degree? I just thought if OpenBSD ships with SSP it must have noticeable advantages, otherwise they hadn't included it.
It does, they can brag how secure it is over other OSs in a default state. Which is shit anyway, an OS should come with a more useable state than secure, and it should be up to the admin to secure it as needed.
What, like with Windows?
XP's great, the default user has admin privs, and doesn't even need a password to log on! Really easy for the user. Crap design, but easy.
You're on a SUSE list standing up for OpenBSD. If you like it so much tell them on their list.
Well, that discussion for sure is not off-topic, but isn't it a bit silly? Johannes
Allen wrote:
You're on a SUSE list standing up for OpenBSD.
So what? There's absolutely nothing wrong with that.
If you like it so much tell them on their list.
Only on grounds of being off-topic on a mailing list focused on security could Tom consider moving to "their list". -- Mit freundlichen Grüßen / Yours sincerely Dipl. Inform. Ralph Seichter HORUS-IT Ahornweg 10 D-57635 Oberirsen Tel +49 2686 987880 Fax +49 2686 987889 http://horus-it.de/
Allen wrote:
You're on a SUSE list standing up for OpenBSD.
So what? There's absolutely nothing wrong with that.
Very true! In fact it's possibly a bad idea to "stick all of your eggs in one basket" and have a 100% homogenous OS environment. For example, even though we're migrating all of our servers to SuSE SLES, it might be a good idea to have our Firewall running [open|net]BSD. Why?? What's wrong with a SLES firewall?? Well if there *did* ever happen to be an exploit that affected the Linux TCP/IP stack, then people might (possibly) be able to run rampant across your network! However if you had a different OS for your firewall, then that would add an extra layer of network security. Possibly. Who knows!
If you like it so much tell them on their list.
Hell, maybe *BSD is more secure by default. SLES 9's default sshd_config isn't ideal, that's for sure! (I think it had "PasswordAuthentication no" but then it also had "UsePAM yes" as well... which OVERRIDES the first setting!!! End result... it still allows PasswordAuthentication unless you reconfigure PAM or set it to "UsePAM no"!). SuSE is great. *BSD's are all great. None of them are perfect, so there's no harm in comparing them. Cheers Mike
On 1/5/05 7:57 PM, "Mike Tierney" <miket@marketview.co.nz> wrote:
Allen wrote:
You're on a SUSE list standing up for OpenBSD.
So what? There's absolutely nothing wrong with that.
Very true! In fact it's possibly a bad idea to "stick all of your eggs in one basket" and have a 100% homogenous OS environment. For example, even though we're migrating all of our servers to SuSE SLES, it might be a good idea to have our Firewall running [open|net]BSD.
http://www.computerworld.com/securitytopics/security/story/0,10801,97157,00.html -- Thanks, George "They that would give up essential liberty for temporary safety deserve neither liberty nor safety." Benjamin Franklin
Interesting article. But if you go to the mi2g website and dig around, it says that lots of the problems with Linux were from home users misconfiguring their set-up or not updating vulnerable packages, etc. Shame they didn't break it down by "distribution" of Linux!! :)
-----Original Message----- From: george [mailto:gasjr4wd@mac.com] Sent: Thursday, 6 January 2005 2:17 p.m. To: suse-security@suse.com Subject: Re: [suse-security] Will SuSE support stack smashing protection one day?
On 1/5/05 7:57 PM, "Mike Tierney" <miket@marketview.co.nz> wrote:
Allen wrote:
You're on a SUSE list standing up for OpenBSD.
So what? There's absolutely nothing wrong with that.
Very true! In fact it's possibly a bad idea to "stick all of your eggs in one basket" and have a 100% homogenous OS environment. For example, even though we're migrating all of our servers to SuSE SLES, it might be a good idea to have our Firewall running [open|net]BSD.
http://www.computerworld.com/securitytopics/security/story/0,10801,97157,00.html
-- Thanks, George
"They that would give up essential liberty for temporary safety deserve neither liberty nor safety." Benjamin Franklin
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
On 1/5/05 10:23 PM, "Mike Tierney" <miket@marketview.co.nz> wrote:
Interesting article.
But if you go to the mi2g website and dig around, it says that lots of the problems with Linux were from home users misconfiguring their set-up or not updating vulnerable packages, etc.
Yes, that is very true.
Shame they didn't break it down by "distribution" of Linux!! :)
That would have been nice. Some flavors install (almost) as bad as M$ - everything open. (isn't it mandrake or something?) Then you have some that install with everything closed. But to be honest, I also have OSX servers. It is a nice GUI, and is good at what it does. You just have to get used to the fact that you can't change the eye candy. We have had three other servers going for years without anyone getting in or even close, each without a firewall at all. Those three are ASIP servers. Totally different way of thinking... Still going strong. Long live OS9! :) -- Thanks, George "...Linux, MS-DOS, and Windows XP" (also known as the Good, the Bad, and the Ugly)
On Wed, Jan 05, 2005 at 10:59:26PM -0500, george wrote:
On 1/5/05 10:23 PM, "Mike Tierney" <miket@marketview.co.nz> wrote:
Interesting article.
But if you go to the mi2g website and dig around, it says that lots of the problems with Linux were from home users misconfiguring their set-up or not updating vulnerable packages, etc.
Yes, that is very true.
Shame they didn't break it down by "distribution" of Linux!! :)
That would have been nice. Some flavors install (almost) as bad as M$ - everything open. (isn't it mandrake or something?) Then you have some that install with everything closed.
But to be honest, I also have OSX servers. It is a nice GUI, and is good at what it does. You just have to get used to the fact that you can't change the eye candy.
We have had three other servers going for years without anyone getting in or even close, each without a firewall at all. Those three are ASIP
How would you know? I mean if someone doesn't put a firewall up, believe me there are people who can get in without being noticed at all. Hell I know how to forge logs, and it would seem like everything is fine.
Long live OS9! :)
Dear me...
--
Thanks, George
"...Linux, MS-DOS, and Windows XP" (also known as the Good, the Bad, and the Ugly)
On 1/6/05 12:14 PM, "Allen" <gorebofh@comcast.net> wrote:
We have had three other servers going for years without anyone getting in or even close, each without a firewall at all. Those three are ASIP
How would you know? I mean if someone doesn't put a firewall up, believe me there are people who can get in without being noticed at all. Hell I know how to forge logs, and it would seem like everything is fine.
Long live OS9! :)
Dear me...
LOL ...guess you are not familiar with mac os 9?! TOTALLY different from what you may be used to. (And I'm thinking 6-7, maybe 8 years up and running. Just a reboot or two for ram upgrades.) ____________ I understand what you are saying about faking logs... But you gotta know OS9 and asip. ;) Nothing like Linux/M$/etc. But that said, there are other ways of knowing... -- Thanks, George "The day Microsoft make something that doesn't suck will be the day they start making vacuum cleaners" - Anonymous
On Thu, Jan 06, 2005 at 01:27:55PM -0500, george wrote:
On 1/6/05 12:14 PM, "Allen" <gorebofh@comcast.net> wrote:
We have had three other servers going for years without anyone getting in or even close, each without a firewall at all. Those three are ASIP
How would you know? I mean if someone doesn't put a firewall up, believe me there are people who can get in without being noticed at all. Hell I know how to forge logs, and it would seem like everything is fine.
Long live OS9! :)
Dear me...
LOL
...guess you are not familiar with mac os 9?!
Can't say I've ever used it.
TOTALLY different from what you may be used to. (And I'm thinking 6-7, maybe 8 years up and running. Just a reboot or two for ram upgrades.)
How is this different from what I'm used to?
I understand what you are saying about faking logs... But you gotta know OS9 and asip. ;) Nothing like Linux/M$/etc.
No I don't.
But that said, there are other ways of knowing... -- Thanks, George
On Thu, Jan 06, 2005 at 01:57:24PM +1300, Mike Tierney wrote:
Allen wrote:
You're on a SUSE list standing up for OpenBSD.
So what? There's absolutely nothing wrong with that.
Very true! In fact it's possibly a bad idea to "stick all of your eggs in one basket" and have a 100% homogenous OS environment. For example, even though we're migrating all of our servers to SuSE SLES, it might be a good idea to have our Firewall running [open|net]BSD.
Why?? What's wrong with a SLES firewall?? Well if there *did* ever happen to be an exploit that affected the Linux TCP/IP stack, then people might (possibly) be able to run rampant across your network! However if you had a different OS for your firewall, then that would add an extra layer of network security. Possibly. Who knows!
If you like it so much tell them on their list.
Hell, maybe *BSD is more secure by default. SLES 9's default sshd_config isn't ideal, that's for sure! (I think it had "PasswordAuthentication no" but then it also had "UsePAM yes" as well... which OVERRIDES the first setting!!! End result... it still allows PasswordAuthentication unless you reconfigure PAM or set it to "UsePAM no"!).
Um, NO, BSD is NOT more secure than SUSE. SUSE lets you install, then update all patches BEFORE it's even been booted for the first time. That alone gives it a HUGE advantage over BSD. Open BSD might have everything turned off but the only people who gain anything from that are VERY lazy admins. Home users who don't know how to edit configs wouldn't use it to begin with. SUSE has a good firewall front end for IPtables, it updates before booting and X is even not listening by default and you can shut down other services before it boots as well. Put this in the hands of someone who isn't a complete moron and you have a very secure box. SSH by default.... Ummm, I needed to log in before it let me in, what are you talking about?
SuSE is great. *BSD's are all great. None of them are perfect, so there's no harm in comparing them.
I wrote docs for Free BSD, I know it's great, but not more secure than SUSE. Let it be known any OS can be made secure. Including DOS. think about it, one user, one task, well, be the one user doing the one task and it can no longer handle anymore applications. You would of course need a custom app to take the risk of more threads being created so someone COULD hack into it, but it can be done.
Cheers Mike
On 1/6/05 4:06 PM, "Allen" <gorebofh@comcast.net> wrote:
SUSE lets you install, then update all patches BEFORE it's even been booted for the first time.
Cool- didn't know this. Is this documented anyplace? (sorry if it's obvious- I never saw it or knew to look for it) -- Thanks, George Constantly choosing the lesser of two evils is still choosing evil. Jerry Garcia
Hello, On Thursday, 6 January 2005 22:37, george wrote:
On 1/6/05 4:06 PM, "Allen" <gorebofh@comcast.net> wrote:
SUSE lets you install, then update all patches BEFORE it's even been booted for the first time.
Cool- didn't know this.
Is this documented anyplace? (sorry if it's obvious- I never saw it or knew to look for it)
Just install a new SuSE release - you will see it, I promise ;-) Before the very first reboot, YaST asks if the internet connection should be tested and the available updates should be installed. It is also mentioned in the admin handbook in the install chapter (but only in few words, since it is really clear what to do ;-) Regards, Christian Boltz -- "Error Message: Your Password Must Be at Least 18770 Characters and Cannot Repeat Any of Your Previous 30689 Passwords (Q276304)" http://support.microsoft.com/default.aspx?scid=kb;EN-US;q276304
Allen wrote:
On Thu, Jan 06, 2005 at 01:57:24PM +1300, Mike Tierney wrote:
Allen wrote:
You're on a SUSE list standing up for OpenBSD.
So what? There's absolutely nothing wrong with that.
Very true! In fact it's possibly a bad idea to "stick all of your eggs in one basket" and have a 100% homogenous OS environment. For example, even though we're migrating all of our servers to SuSE SLES, it might be a good idea to have our Firewall running [open|net]BSD.
Why?? What's wrong with a SLES firewall?? Well if there *did* ever happen to be an exploit that affected the Linux TCP/IP stack, then people might (possibly) be able to run rampant across your network! However if you had a different OS for your firewall, then that would add an extra layer of network security. Possibly. Who knows!
If you like it so much tell them on their list.
Hell, maybe *BSD is more secure by default. SLES 9's default sshd_config isn't ideal, that's for sure! (I think it had "PasswordAuthentication no" but then it also had "UsePAM yes" as well... which OVERRIDES the first setting!!! End result... it still allows PasswordAuthentication unless you reconfigure PAM or set it to "UsePAM no"!).
Um, NO, BSD is NOT more secure than SUSE. SUSE lets you install, then update all patches BEFORE it's even been booted for the first time. That alone gives it a HUGE advantage over BSD.
That's not exactly what happens. The kernel HAS booted at that stage. It's just a special environment set up directly from the initrd (or something like that, I've never looked how that syslinux thing works exactly). You could run stuff in that stage. In fact, you have terminals available if you want them. You can download using wget and install or simply run programs on the ramdisk. The only thing that hasn't happened yet is the normal boot process with init and all the init-scripts which form the normal environment. Of course the point is somewhat moot and I also like the way it is done. It's very flexible.
SUSE has a good firewall front end for IPtables, it updates before booting and X is even not listening by default and you can shut down other services before it boots as well.
Put this in the hands of someone who isn't a complete moron and you have a very secure box. SSH by default.... Ummm, I needed to log in before it let me in, what are you talking about?
I don't have a SLES9 but I believe he means to say that PasswordAuthentication was still possible even with it set to off on sshd.
SuSE is great. *BSD's are all great. None of them are perfect, so there's no harm in comparing them.
I wrote docs for Free BSD, I know it's great, but not more secure than SUSE. Let it be known any OS can be made secure. Including DOS. think about it, one user, one task, well, be the one user doing the one task and it can no longer handle anymore applications. You would of course need a custom app to take the risk of more threads being created so someone COULD hack into it, but it can be done.
There are two very great articles on this topic: Why Linux will never be as secure as OpenBSD: http://www.seifried.org/security/os/20011107-linux-openbsd.html Then follow up with Why OpenBSD will never be as secure as Linux: http://www.seifried.org/security/os/20011107-openbsd-linux.html Note that both articles are quite old and are outdated. The essence is still there though. 3 Years ago I tried out LIDS. It can make your linux box absolutely unusable for anyone without the access key. You can really give everyone the root pw once it's setup. They can't do any damage. But it's a huge PITA to setup. Ultimately though, if you're really really really paranoid, it's the thing to do. As I said that was 3 years or longer back and I don't know where it is today. But you can really seal off a Linux box in a way BSD just can't. Whether you want or need that is an entirely other matter though. And I believe I've heard that the BSD folks are working on something similar. -- C U - -- ---- ----- -----/\/ René Gallati \/\---- ----- --- -- -
3 Years ago I tried out LIDS. It can make your linux box absolutely unusable for anyone without the access key. You can really give everyone the root pw once it's setup. They can't do any damage. But it's a huge PITA to setup.
I had very good luck setting up grsecurity. It has been a bit of a pain since the 2.6 kernel patches for grsecurity have been slow coming, but it looks like this is going to change. grsecurity does provide essentially everything BSD/LIDS provide, and it is nicely configurable to your likings either at compile time or later via sysctl. too bad it's not an option of the default Suse install :-/. -- -------------------- Johannes Ullrich jullrich@euclidian.com
Hi all. I have an idea for an open source CASE tool, that should help in the development of structured, and thus easier to maintain code. This method should help in the development of more secure code. This is just an idea, that I do not have time to implement. For more info, please see the homepage of http://www.karsites.net/ 'SPDTool - an idea for a structured open source development CASE tool.' Find out more at the above link! On Tue, 28 Dec 2004, Derek Fountain wrote:
To: suse-security@suse.com From: Derek Fountain <dflists@iinet.net.au> Subject: Re: [suse-security] Will SuSE support stack smashing protection one day?
Cluttering up code with these sorts of band-aid patches isn't the answer. The answer is to get the code right, or if that can't be guaranteed, to write the code in a language that isn't vulnerable to buffer overflows - i.e. something with security designed in, rather than bolted on.
On Tue, Dec 28, 2004 at 03:03:47AM +0100, Malte Gell wrote:
Hi there,
Hello.
I'm just playing a bit with IBM's SSP ( http://www.research.ibm.com/trl/projects/security/ssp/ ) and GCC 3.4.1. Since OpenBSD, Gentoo and others already ship with it, I wonder what do the SuSE security people think about SSP? Will SuSE support it in the future and if not, why? Is SSP really such an improvement as some say it is?
We evaluated various solutions. The problem is that some are very intrusive and most can be bypassed. We are aware of the fact that we *need* such a protection and are working hardly to get it done. -- Bye, Thomas -- Thomas Biege <thomas@suse.de>, SUSE LINUX AG, Security Support & Auditing -- Teachers should prepare the student for the student's future, not for the teacher's past. -- Richard W. Hamming
On Wednesday 29 December 2004 13:00, Thomas Biege wrote: Hi,
We evaluated various solutions. The problem is that some are very intrusive and most can be bypassed.
We are aware of the fact that we *need* such a protection and are working hardly to get it done.
thanx, interesting answer ;-) I guess it suggests SSP isn't the best solution in your view, I've just read some positive things about it and this initially led to my question. Malte
On Wed, Dec 29, 2004 at 05:43:49PM +0100, Malte Gell wrote:
On Wednesday 29 December 2004 13:00, Thomas Biege wrote: Hi,
We evaluated various solutions. The problem is that some are very intrusive and most can be bypassed.
We are aware of the fact that we *need* such a protection and are working hardly to get it done.
thanx, interesting answer ;-) I guess it suggests SSP isn't the best solution in your view, I've just read some positive things about it and this initially led to my question.
We didn't check SSP AFAIK. -- Bye, Thomas -- Thomas Biege <thomas@suse.de>, SUSE LINUX AG, Security Support & Auditing -- Teachers should prepare the student for the student's future, not for the teacher's past. -- Richard W. Hamming
On Wed, Dec 29, 2004 at 08:59:56PM +0100, Thomas Biege wrote:
On Wed, Dec 29, 2004 at 05:43:49PM +0100, Malte Gell wrote:
On Wednesday 29 December 2004 13:00, Thomas Biege wrote: Hi,
We evaluated various solutions. The problem is that some are very intrusive and most can be bypassed.
We are aware of the fact that we *need* such a protection and are working hardly to get it done.
thanx, interesting answer ;-) I guess it suggests SSP isn't the best solution in your view, I've just read some positive things about it and this initially led to my question.
We didn't check SSP AFAIK.
SSP is also called IBM Stackprotector after reading google again. We had a look at it, but the inclusion criteria for us is that it is also included in upstream gcc. According to rumors IBM is working on that, but I doubt we will see that before gcc 4.1. Ciao, Marcus
We are aware of the fact that we *need* such a protection and are working hardly to get it done.
To avoid confusion: I meant "hard" not "hardly". :) Bye, Thomas -- Thomas Biege <thomas@suse.de>, SUSE LINUX AG, Security Support & Auditing -- Teachers should prepare the student for the student's future, not for the teacher's past. -- Richard W. Hamming
participants (16)
- Allen
- Christian Boltz
- Derek Fountain
- george
- Johannes B. Ullrich
- Johannes Becker
- Malte Gell
- Marcus Meissner
- Mike Tierney
- Ralf Ronneburger
- Ralph Seichter
- Randall R Schulz
- Rene Gallati
- suse@karsites.net
- Thomas Biege
- Tom Knight