First Linux Question

Printable View

Show 40 post(s) from this thread on one page

October 25th, 2005, 07:21 AM
!mitationRust

One more and I'll let it go.........

http://www.dwheeler.com/dwheeler.html
http://www.dwheeler.com/secure-progr...WTO/index.html

"I give this book away in the hope that future software developers won't repeat past mistakes, resulting in more secure systems.

7.12. Set up a Trusted Path
Unfortunately, at the time of this writing SAK is immature and not well-supported by Linux distributions. Another approach for implementing a trusted path locally is to control a separate display that only the login program can perform. For example, if only trusted programs could modify the keyboard lights (the LEDs showing Num Lock, Caps Lock, and Scroll Lock), then a login program could display a running pattern to indicate that it's the real login program. Unfortunately, since in current Linux normal users can change the LEDs, the LEDs can't currently be used to confirm a trusted path. Sadly, the problem is much worse for network applications........." time of writing 1999, 2000, 2001, 2002, 2003 by David A. Wheeler

And just for kicks, I reached for an Oreilly book on my bookshelf, it's called practical Unix and Internet security 2nd edition. I came to a chapter called defending your accounts --> protecting the root account.p243-247. They don't put much faith in their trusted channels either ,nor the TCB for that matter.
October 25th, 2005, 08:21 AM
catch

One thing really gives Linux's trusted path the death knell... even current implementations that people have argued to be a close proxy to a true trusted path have essentially no functionality. The kill everything and drop you to init... while marginally useful, a trusted path is more than just about logging in... what if you wish perform other tasks in need of high(er) assurances? Like changing your password or process management?

I will, as iIsaid before chalk this one up to Linux being incapable. On to the next question! (that I'll prolly post tomorrow cause I literally have like 600 pages I need to get through by tomorrow morning... as it is I am gonna miss [adult swim])

cheers,

catch
October 25th, 2005, 07:16 PM
rcgreen

One last paranoid rant from rcgreen(who invented paranoia)

You still, profoundly, don't get it. After contemplating this for a while, I've
come to the conclusion that the linux kernel people wouldn't want to implement
the feature you want here. There's a wide philosophical gulf between you and them.
Once again, you turn security on its head, and things are the opposite of what they
mean.

To have a keypress that is secret and beyond the control or comprehension of the
competent user, administrator or programmer is, to you, secure,
While an empowered user is a threat. Did you think about Ken Thompson's
conclusion? No code is trustworthy unless you deem it trustworthy.

You seem to think that, if the person who wrote the windows kernel tells
you that this keypress is secure, then it is secure, and if the author
of the linux kernel refuses to hide this knowledge from you, then his kernel
lacks "assurance"

You need to stop messing with PCs and get a mainframe.
:cool:
October 25th, 2005, 08:39 PM
Trevoke

rcgreen, you make a very good point, and I want to agree with you that catch "doesn't get it".
However, his need is ... Somewhat.. Genuine.
I do believe that the issue lies in the estimation of the risk, as well as in the difference of philosophy.
I don't have enough knowledge to argue this, but here's my point.
Catch is right : what he's asking for doesn't exist in Linux.
Catch is wrong : he's thinking about it in Windows terms; the Linux question/answer is different, due to fundamental differences.
October 25th, 2005, 09:58 PM
!mitationRust

There was clearly no (SFUG) security features user's guide. So even if you used linux's immature "trusted" path, where would the admin start? Printout bits and pieces of unverified instructions from google? Hah, not in my mature environment. Also, it can be clearly manipulated in a malicious way. Kind of sounds shady for something that's trusted.

RC, you're going to accept trusted system philosophy, you will learn by the numbers, I will teach you. Resistance is futile. ;)

No, the linux camp is just figuring out how hard it really is to retrofit security into an OS after its been designed. It's apparent that they're scrambling for augmented BS..... all of which are dubitable. Why are they desperately trying to find these augments? Because their system is being held against the yardsticks of the industry. Because their system wasn't designed for this. Because they tried reinventing a wheel that was made in the 70's-80's. Because they chose not to take a leaf from these books that clearly define the principles of correctness. I won't get into the rainbows RBAC and DBAC... inside joke. Buhahahahaha You can either go with the grain, or against the grain when designing an OS. They went against it.

Besides he said AIX, IRIX and XENIX don't meet his needs as a common workstation. I have a little to say about those too. Only a few offer it and they're only augmented with these mechanisms! Oh, hell, no.....run a special trusted shell......manual TCB marking exec ()....when using the trusted path mechanism, they have to be sure to limit superuser logins to only the associated terminals....(why should I even have to worry about that?)....require reconfiguring my kernel just to insert the correct terminal code..... shits getting manipulated at all domain levels. But they do say consult the vendor guides. I guess that's where my 80k went (SFUG's). :)

Jesus_H_Christ! Can't I just walk up to a terminal and safely execute some primitive OS functions? It's not rocket science, the TCB is part of the OS on which my trust in the ssecurity of the whole system depends. It's your pillar of strength. Domains: Kernel-->OS-->User... the ignant get the game twisted.

It's over.... either you have the goods or you don't. Once the threads of fate have tangled, it cannot be undone. Critical blunders and miscalculations in the design were made long ago.
October 25th, 2005, 10:32 PM
neel

So... are we talking alongside eachother or are we actually responding to one another.

!mitationRust, please take this in a fun way, but I'm gonne have to say it. My english teacher would beat you up with a lead pipe if I gave him/her some of the replies in here. Even if they're grammatically correct (I guess they are), some are just exhausting to read. And I'm not even talking about the technical aspects or the abrievations.
October 25th, 2005, 10:35 PM
catch

I agree with !im, but he skipped a comment made by RC that really stood out to me:

Quote:

a keypress that is secret and beyond the control or comprehension of the competent user, administrator or programmer

Secret and incomprehensible... I think you wanted to post this in the "What drugs have you done?" thread.

cheers,

catch
October 26th, 2005, 12:39 AM
jinxy

Guys, lets not let this thread degenerate.

Catch,
Post the second question, please.............I think i've learnt more through reading and researching this thread than anything else on this board for along time.
October 26th, 2005, 04:54 AM
rcgreen

Quote:

I think you wanted to post this in the "What drugs have you done?" thread.

Been there, done that. Next Question!
:cool:
October 27th, 2005, 02:57 PM
Trevoke

Imitationrust wrote :
Because their system wasn't designed for this.

Damn straight!
I would never use Linux as a server. But I said that already. a *BSD or a *nix, which are more focused on security, alright. But Linux was not designed with security in mind. No OS is perfect, and the best you can ask from an OS is that it fulfill the niche for which it was designed.

Show 40 post(s) from this thread on one page