
Re: Attempts at security (was Re: Draft spec for new dpkg "triggers" feature)



On Saturday 03 February 2007 23:47, Hendrik Sattler 
<debian@hendrik-sattler.de> wrote:
> > It's disabled by default, unlike in Fedora and Red Hat Enterprise Linux
> > where it's on by default.  I believe that the latest release of SUSE has
> > AppArmor on by default.
>
> RedHat has a long history of strange decisions.

Red Hat has a long history of making Linux easy to use.  Try using Fedora and 
Debian for the same sys-admin tasks and compare.  You will discover that 
right from the install Fedora is a lot easier.  Of course the Debian 
installer gives many options that the Fedora installer doesn't (degraded RAID 
arrays and encrypted block devices as two examples), but it's a lot harder to 
use.

The "targeted" SE Linux policy was developed because the "strict" policy was 
too difficult to use for most of the Fedora user-base.

> > You claim that almost all the examples I gave have problems.  Please
> > explain the problems that you believe to be in exec-shield, PIE, and
> > poly-instantiated directories.  Make sure that they are real examples not
> > "a program might have some problem" claims.
>
> PIE:
> http://www.linuxfromscratch.org/hlfs/view/unstable/uclibc/chapter02/pie.html
> Does X already work with it? Mplayer is also named there and thus probably
> xine (using these win32-DLLs), too? How about things like Mono?

I don't recall anyone seriously suggesting compiling all programs with PIE, 
just the ones that are likely to be attacked.

Mplayer does many nasty things (such as loading Windows DLLs).  You can expect 
it to have problems that other programs don't have.

> Exec-shield is related to it, AFAIK.

Not really.

> For the poly-instantiated views to directories, I am not sure that this is
> thought to its end, yet.

It's been around in various forms for more than 10 years; people have thought 
about it a lot.

> The main usage will probably be /tmp but there are 
> already solutions for secure temp file creation.

http://www.coker.com.au/selinux/talks/sage-2006/PolyInstantiatedDirectories.html
There aren't any other solutions to the problems that are solved by 
PI-directories.  Read my paper from the above URL and see if you can discover 
another solution.

> Users may get confused why they do not see the same directory contents
> although the path is the same.

Generally with PI-directories a user doesn't have the opportunity to see 
different views of the same directory so this isn't a problem.

-- 
russell@coker.com.au
http://etbe.blogspot.com/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
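Added illustration, not code from this thread or from any of the projects it discusses: a small Python model of the "same path, different contents" behaviour of a polyinstantiated /tmp that the two posts argue about. The per-user instance layout (the logical directory mapped to `instance_prefix + username`) is an assumption modelled on the per-user method of pam_namespace; real PI-directories use mount namespaces, which this model replaces with plain directories under a temporary root so it runs unprivileged. It contrasts a shared /tmp, where two users writing the same file name collide, with the polyinstantiated view, where each user only ever sees their own instance.

```python
"""Model of polyinstantiated directories (PI-directories).

Added example; not from the mailing-list thread and not pam_namespace code.
Per-user instance directories stand in for the per-user mounts a real
PI-directory setup would create, so everything happens under one tempdir.
"""
import os
import tempfile


class PolyInstantiatedDir:
    """Per-user private instances of one logical directory.

    polydir         -- the path every user sees (e.g. "/tmp")
    instance_prefix -- where private instances live (e.g. "/tmp-inst/")
    A user's view of polydir is instance_prefix + username (assumed layout).
    """

    def __init__(self, root, polydir="/tmp", instance_prefix="/tmp-inst/"):
        self.root = root                      # sandbox root standing in for "/"
        self.polydir = polydir
        self.instance_prefix = instance_prefix

    def instance_dir(self, user):
        """Create (if needed) and return the user's private instance."""
        inst = os.path.join(self.root, self.instance_prefix.lstrip("/"), user)
        os.makedirs(inst, mode=0o700, exist_ok=True)
        return inst

    def is_contained(self, path):
        """True if a logical path stays inside polydir after normalisation."""
        if not path.startswith(self.polydir + "/"):
            return False
        rel = os.path.relpath(path, self.polydir)
        return not (rel == ".." or rel.startswith("../"))

    def resolve(self, user, path):
        """Translate a logical path under polydir into the user's instance."""
        if not self.is_contained(path):
            raise ValueError("path escapes polydir: %r" % path)
        rel = os.path.relpath(path, self.polydir)
        return os.path.join(self.instance_dir(user), rel)

    def write(self, user, path, data):
        target = self.resolve(user, path)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "w") as f:
            f.write(data)
        return target

    def read(self, user, path):
        with open(self.resolve(user, path)) as f:
            return f.read()

    def listdir(self, user):
        """What the user sees when listing polydir: only their instance."""
        return sorted(os.listdir(self.instance_dir(user)))


def shared_tmp_demo(root):
    """Classic shared /tmp: both users write the same name, the second wins."""
    shared = os.path.join(root, "tmp")
    os.makedirs(shared, exist_ok=True)
    lock = os.path.join(shared, "session.lock")
    with open(lock, "w") as f:
        f.write("alice's lock")
    with open(lock, "w") as f:            # bob clobbers alice's file
        f.write("bob's lock")
    with open(lock) as f:
        return f.read()


def pi_demo():
    """Polyinstantiated /tmp: same logical name, two independent files."""
    with tempfile.TemporaryDirectory() as root:
        pi = PolyInstantiatedDir(root)
        pi.write("alice", "/tmp/session.lock", "alice's lock")
        pi.write("bob", "/tmp/session.lock", "bob's lock")
        return {
            "shared_result": shared_tmp_demo(root),
            "alice_sees": pi.listdir("alice"),
            "bob_sees": pi.listdir("bob"),
            "alice_reads": pi.read("alice", "/tmp/session.lock"),
            "bob_reads": pi.read("bob", "/tmp/session.lock"),
            "same_file": os.path.samefile(
                pi.resolve("alice", "/tmp/session.lock"),
                pi.resolve("bob", "/tmp/session.lock")),
        }


if __name__ == "__main__":
    for k, v in pi_demo().items():
        print("%-14s %r" % (k, v))
```

Each user lists /tmp and sees one entry, their own `session.lock`, which is why a user never gets the chance to compare two views of the directory. The `is_contained` check is the one piece of the model that matters for a real implementation too: a logical path such as `/tmp/../etc/passwd` must not be mapped into, or out of, the instance directory.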