DaemonForums  

  #1   (View Single Post)  
Old 17th December 2010
jackthechemist jackthechemist is offline
Port Guard
 
Join Date: Dec 2010
Posts: 14
Thanked 0 Times in 0 Posts
Default Sterilization of downloaded/mounted media/drives/filesystems

Greetings all,

I rarely, if ever, download copyrighted media these days; however, I do possess flash drives, DVDs, CDs, floppies, tapes, hard-disks (with and without file-systems installed) etc. with plenty of media that I have hesitated to put on my system.

How does BSD handle such items? My concern is that one of the aforementioned devices could have something harmful or infectious, that may auto-execute when I connect it even...

Just the other day I recall my friend plugged his ipod-like device into my computer to charge. The next day he asked me to put music on it, which I did, at work...but when I plugged it into my work computer, OfficeScan said it was infectious!

In either case, it got me wondering how OpenBSD handles these sorts of things. Anyone know?

Thanks.

Jack
  #2   (View Single Post)  
Old 17th December 2010
ocicat ocicat is online now
Administrator
 
Join Date: Apr 2008
Posts: 2,834
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by jackthechemist View Post
OfficeScan said it was infectious!
No virus identification is perfect. False positives can be found in most AV products.
Quote:
How does BSD handle such items? My concern is that one of the aforementioned devices could have something harmful or infectious, that may auto-execute when I connect it even...
You are making the assumption that an executable from the Windows world can run on OpenBSD. Both operating systems do not require the same signature of startup code placed at the beginning of binaries, so the chances of successfully running another operating system's binaries on OpenBSD is most likely impossible unless some form of emulation has been configured. At one time when OpenBSD's ports tree didn't contain common & popular applications, emulation was important, but now that many popular applications are natively available, emulation is much less used and/or maintained. In fact, a number of older emulation layers have been removed in -current.

You may want to look into what is required for emulation. Starting with reading the compat_linux(8) or compat_freebsd(8) manpages is a good start.

If you are concerned about viruses (& most only target Windows...), you might want to look at Clam AV in packages:

http://openports.se/security/clamav
  #3   (View Single Post)  
Old 17th December 2010
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 305
Thanked 9 Times in 9 Posts
Default

Here's the thing: Windows will take a file and attempt to execute it based on extension. Try it sometime. Create a file in notepad. Name it omg.exe. Double click on it.

Every other operating system on the planet (especially OpenBSD and other Unix/Unix-like systems) actually checks what's called the magic number at the beginning of the file that stamps the file as executable. Look:

Code:
$ hexdump /bin/ls | head -1
0000000 457f 464c 0102 0001 0000 0000 0000 0000
$ head -1 /bin/ls | cut -d'>' -f1
ELF
$ hexdump /bin/sh | head -1
0000000 457f 464c 0102 0001 0000 0000 0000 0000
$ head -1 /bin/sh | cut -d'>' -f1
ELF
$ hexdump /usr/bin/file | head -1
0000000 457f 464c 0102 0001 0000 0000 0000 0000
$ head -1 /usr/bin/file | cut -d'>' -f1
ELF
$ hexdump /usr/bin/cdio | head -1
0000000 457f 464c 0102 0001 0000 0000 0000 0000
$ head -1 /usr/bin/cdio | cut -d'>' -f1
ELF
Note how the result is the same for each executable...they're all ELF format executables (ELF stands for Executable and Linkable Format). The exception to these magic numbers is executable shell scripts, which list the interpreter that should be used to read and execute the text of the script:

Code:
$ hexdump /usr/local/bin/soffice | head -1
0000000 2123 622f 6e69 732f 0a68 0a23 2023 4f24
$ head -1 /usr/local/bin/soffice
#!/bin/sh
Now look at a Windows executable (I scp'd some exes to my OpenBSD box):

Code:
$  hexdump Firefox\ Setup\ 3.6.exe | head -1
0000000 5a4d 0090 0003 0000 0004 0000 ffff 0000
$ hexdump Tcpview.exe | head -1
0000000 5a4d 0090 0003 0000 0004 0000 ffff 0000
See how the numbers are different (They match each other because they're Windows executables (PE executables, i.e. "Portable Executable" format), but they differ from OpenBSD's "magic numbers" (in other words, they aren't ELF format executables))? Now look:

Code:
$ chmod 700 Firefox\ Setup\ 3.6.exe # mark the windows exe's as being executable so OpenBSD will at least *try* to run them
$ chmod 700 Tcpview.exe
$ ./Firefox\ Setup\ 3.6.exe # and try to run them haha.
./Firefox Setup 3.6.exe[1]: MZÿÿ¸@ິ: not found
./Firefox Setup 3.6.exe[2]: syntax error: `)' unexpected
$ ./Tcpview.exe
./Tcpview.exe[1]: MZÿÿ¸@躴: not found
./Tcpview.exe[2]: syntax error: `^N$Hf{^N$Hf{^N$Hf{' unexpected
These executables aren't even in the correct format to run on OpenBSD. Hell, *LINUX* and *FREEBSD* executables, though closer in structure and such, won't run.

Trust me, no Windows virus is going to affect OpenBSD unless some seriously fancy assembly work went into it (i.e. like the Linux/Windows "virus" a while back that could only delete user files).

Last edited by rocket357; 17th December 2010 at 11:15 PM.
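An added example, not part of any post in this thread: the magic-number check from post #3 written as a triage script for a mounted drive. It goes one step beyond the post by flagging files whose executable content hides behind a data-looking extension. The function names (magic_type, scan_media, make_samples) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# magic_type FILE: classify by leading bytes, never by name or mode bits.
magic_type() {
    # od -tx1 prints bytes in file order. Plain hexdump groups them into
    # 16-bit little-endian words, hence "457f 464c" for 7f 45 4c 46.
    sig=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$sig" in
        7f454c46) echo elf ;;      # "\177ELF"
        4d5a*)    echo pe ;;       # "MZ" DOS/PE header
        2321*)    echo script ;;   # "#!" interpreter line
        "")       echo empty ;;
        *)        echo unknown ;;
    esac
}

# scan_media DIR: print "type<TAB>note<TAB>path" for every regular file.
# note is MISMATCH when PE or ELF content sits behind another extension.
scan_media() {
    find "$1" -type f | sort | while IFS= read -r f; do
        t=$(magic_type "$f")
        b=${f##*/}                 # match on the file name, not the path
        note=ok
        case "$t:$b" in
            pe:*.exe|pe:*.dll|elf:*.so*) ;;
            pe:*.*|elf:*.*) note=MISMATCH ;;
        esac
        printf '%s\t%s\t%s\n' "$t" "$note" "$f"
    done
}

# make_samples DIR: constructed stand-ins for files found on a drive.
make_samples() {
    printf '\177ELF\002\001\001' > "$1/ls_copy"
    printf 'MZ\220'              > "$1/setup.exe"
    printf 'MZ\220'              > "$1/photo.jpg"   # PE bytes, image name
    printf '#!/bin/sh\necho hi\n' > "$1/run.sh"
    printf 'hello\n'             > "$1/notes.txt"
}

# Demo run against the constructed samples.
d=$(mktemp -d) && make_samples "$d" && scan_media "$d"; rm -rf "$d"
```
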
  #4   (View Single Post)  
Old 17th December 2010
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

On most Unix systems, nothing is "automatically" executed after being mounted.
  #5   (View Single Post)  
Old 18th December 2010
ocicat ocicat is online now
Administrator
 
Join Date: Apr 2008
Posts: 2,834
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by jackthechemist View Post
How does BSD handle such items?
...by familiarizing yourself with the information found in Section 14.16 & Section 14.17 of the official FAQ. All of Section 14 would be good reading to understand.

In fact, as a newcomer to OpenBSD, familiarizing yourself with the entirety of the FAQ is highly recommended.
  #6   (View Single Post)  
Old 27th December 2010
girarde girarde is offline
Port Guard
 
Join Date: Nov 2010
Location: NW FL
Posts: 26
Thanked 1 Time in 1 Post
Default

OpenBSD will not automatically mount CDs or thumb drives unless you edit fstab or your profile to make it happen. Neither would it look for a default executable to run on mounting one of them.