The insecurity of OpenBSD
From http://allthatiswrong.wordpress.com/...ty-of-openbsd/
Quote:
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|||
Quote:
I think you may have missed the point of my article, and also grossly oversimplified, and thus dismissed my argument. Which is not limited to ACLs, but also MAC, and other methods of actually locking down the system in the event of an intrusion. I'm happy to discuss that argument, but so far all I have seen are dismissals, not rebuttals. So when you need to run software that has not been audited, and someone breaks in and there is no sufficient way to limit what they can do, this is fine?
|
|||
Nowadays applications are becoming the biggest security issue
From a discussion on the openbsd ports mailing list about "ethereal/wireshark" at http://article.gmane.org/gmane.os.openbsd.ports/35284/ Quote:
I myself, although I am 57, take a very radical stand. I don't think that keeping renovating the Unix/Linux/BSD building, an ACL here, a MAC there will bring us much further. I rather would see a new building, designed from the ground up with security as one of its leading design principles. Just look at sendmail, still a design from the time when the Internet was a friendly place where scientists exchanged information. Of course sendmail could be an open relay at those times, no problem at all. Spam still was some kind of meat, and not junk you find in your trash mail folder. Under pressure of the popularization of the internet, all kinds of extra security measures had to be added to sendmail. As a reaction you see Bernstein come up with qmail, postfix by Venema, both designed with security in mind. IMHO we need architects like Bernstein and Venema but then for a new secure OS. But just like you I still expect to use OpenBSD for a long time as network firewall and router.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|||
Do you honestly believe you've contributed anything that hasn't been discussed to death on the mailing lists before?
|
|
|||
Quote:
The reason I tried to make an actual argument, was that I got tired of perhaps someone bringing it up, and then a thousand OpenBSD users pooh-poohing it with the same old claims. I hoped by actually writing an argument to invalidate those claims, it would at the least encourage discussion.
|
||||
Hello and welcome.
From your article: Quote:
Whether or not ACLs, MAC labels, and whatnot are good security features is an entirely different discussion. If you are going to implement such a feature, then they must be written with quality code or else there will be security holes. In any case, ACLs are not a magic bullet for a secure system, point in case being the MS Windows NT/2000/XP/Vista/7 systems, which all have ACLs and are not exactly widely known for their security.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
|
||||
Quote:
Quote:
I think you dramatized the whole thing a bit just because OBSD doesn't use these specific mechanisms [i.e. ACL, MAC, etc.]. Regards
|
||||
Quote:
Quote:
Quote:
Should I need an ACL for some reason on an OpenBSD platform, there is one: AFS, which has a multi-layer ACL. OpenBSD has the Arla AFS client built in to the base system, and the OpenAFS server available in the ports tree, with authentication for both managed via the built-in Heimdal Kerberos service. An ACL can be useful for policy governance. Last edited by jggimi; 22nd January 2010 at 06:48 PM.
|
|||||
Quote:
I agree completely that writing secure code is a necessary component of a secure operating system. By itself however, it is not enough. Also with ways to mitigate exploits, it is not enough. On a secure system, I should be able to run insecure software or have untrustworthy users, and control the damage that can be done. This is simply not true for OpenBSD. Quote:
I will also note that NT actually provides very powerful methods of securing systems, and certainly could restrict the damage that an attacker could do, although nowhere near as much as with MAC. Quote:
Some interesting discussion was taking place in my blog, but even then it is the same arguments. MAC is bolted on/can be easily turned off, is insecure, adds no meaningful security etc. All untrue. Quote:
For most cases however, MAC provides meaningful security. It is also interesting to note that the more serious database platforms generally implement at least some form of RBAC/MAC. Quote:
2. You can't seriously be suggesting running a DFS locally as a substitution for a MAC implementation because it has an ACL?
|
||||
Quote:
Personally, I find ACLs, unless carefully designed, nearly always difficult to manage, and due to that difficulty, often poorly managed. (MACs are far more intrusive, by design, and have commensurate complexity and management concerns, but let us stay focused on ACLs.) Here is a real world example regarding ACLs: One of my tasks for a large, commercial customer is to find a way to eliminate, dismantle, or circumvent the ACL structure that was intended to govern access to a major document repository, but has only gotten in the way of the repository's functionality. The ACL was implemented at senior management's request, and is now to be either eliminated, dismantled, or circumvented -- at senior management's request. It impacts 2400 users across two continents. The impact of the current ACL is so intrusive into business operations that senior management is willing to expend capital to duplicate the entire infrastructure, minus the ACLs, if that is what is required. Would I use OpenBSD if I needed an ACL? Perhaps, but only if AFS provided additional advantages, which it might. But I am a strong proponent of the right platform for the right reasons, driven downward by a business or organization: goals & objectives -> requirements -> application -> architecture -> infrastructure -> platform. And, when the infrastructure includes a network, I look to see if OpenBSD can add value to it. It may not be the appropriate application platform, but it might be useful in an adjunct capacity.
|
|||
Quote:
Your ACL example sounds absolutely horrible, but this is not a problem with the technology itself, or perhaps even that implementation of the technology. It's hard to say without knowing more details...it could have just as easily been poor design and management. Using SELinux as an example, many people say this is too complex and disable it. Even if this is true, it is an argument against that particular implementation. GRSecurity, AppArmor and RSBAC all are easier to administer, and have saner error messages and policies. The technology can be implemented in a way that is easy to administer without sacrificing functionality. The problem here is that the OpenBSD team refuses that any increase in security is provided.
|
||||
We're going to have to agree to disagree, then. Note that, should I ever have an application that requires a MAC environment (I haven't yet, but I never say never), the platform of choice will not be OpenBSD:
Quote:
|
|
||||
That blog is just hogwash. To quote one of the kind souls from misc AT openbsd: in order to have a secure operating system you have to design secure hardware. i386 hardware is crap by design.
Any further discussion is a waste of time. Security of OS and hardware is a very deep topic. Many very smart people were thinking about that. It is true that OpenBSD doesn't belong to the group of secure operating systems due to its Unix heritage. Unix was never meant to be a truly secure operating system, if for no other reason than for its portability. People who are interested in secure operating systems should try to find as many documents as possible written by the scientists of RAND Corporation and NSA. Basically we common humans know about security about as much as it leaked from NSA and RAND. That is the real truth. Last edited by Oko; 24th January 2010 at 12:18 AM.
|
||||
Quote:
To me it's some sort of a consensus, or golden mean if you want. Regards
|
||||
Quote:
Ask Theo and the bunch what do they think about it. I am not talking here M$ bullshit. I am talking serious military stuff.