Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Debian

Trusted Debian v1.0 Released 259

Peter Busser writes "The Trusted Debian project releases its first official release, v1.0. Its main focus is solving most (but unlikely all) buffer overflow problems. It features PaX, a kernel patch which does several things. It tries to keep code and data apart, it randomizes stack, code, heap and shared libraries, it does strict mprotect() checking and it also protects the kernel. Trusted Debian also uses the stack protector patch for GCC developed by Hiroaki Etoh at IBM, which adds overflow checks to C/C++ code. It also features FreeS/WAN and RSBAC, an extensive access control framework. More information is available from the website. There is also a demonstration available for the special capabilities of this release."
This discussion has been archived. No new comments can be posted.

Trusted Debian v1.0 Released

Comments Filter:
  • by strateego ( 598207 ) on Monday April 21, 2003 @02:49PM (#5775367)
    No remote holes in three minutes will be the new slogan of the Secure Debian project.

    This must be a new linux record. :P
  • AHA! (Score:4, Insightful)

    by FortKnox ( 169099 ) on Monday April 21, 2003 @02:50PM (#5775379) Homepage Journal
    which adds overflow checks to C/C++ code

    Overflow check? But I thought C/C++'ers like the amount of CONTROL that comes from being able to shoot themselves in the foot!

    At least, that's what they tell me when I tell them I program in Java now.
    Guess you'll need to figure a way around these checks, eh? ;-)
    • Oh, come ON (Score:5, Informative)

      by Cthefuture ( 665326 ) on Monday April 21, 2003 @02:58PM (#5775440)
      This is added as a GCC option. (-fstack-protector or similar) All the CONTROL and power of C/C++ is still there. It's an optional feature for when you need it. I don't usually use C and/or C++ for the control though. It's all about performance.
      • Chill. Was nothing more than a joke (I have -no- idea why it was marked 'insightful'. I was expecting 'funny' or 'flamebait', but 'insightful'??)
        • It was funny/insightful because a lot of the C programmers I know (including me) will occassionaly think that way.

          Overflow protection!? WTF do you need that for, it's only one or two lines per buffer to do it! Keep it out of the compiler! Occassionaly, ouch my foot ensues!

          I mean a lot of C programmers I know (no idea what percentage of the total, anectodotal, blah, blah) dislike C++ because of inheritance!

          Definately a funny AND an insightful comment for that particular type of programmer.
  • by bolthole ( 122186 ) on Monday April 21, 2003 @02:52PM (#5775394) Journal
    The naming of this subproject is either poorly thought out, or just downright underhanded.

    "Trusted Debian" is clearly targetted to compete with "Trusted Solaris" and "Trusted(?name right?) BSD". However, "Trusted Solaris" has been CERTIFIED to meet B2 level security criteria. There is no mention of any such certification, either performed, or in progress, on the project's home page. It is just a collection of security enhancements and tweaks that is "hoped" will merit the system being trusted, but I see no formal proof or audit of that.
    • Eh? (Score:4, Interesting)

      by Cthefuture ( 665326 ) on Monday April 21, 2003 @03:01PM (#5775457)
      Is the "Trusted ***" namespace only given to operating systems that meet B2 security levels?

      I assume a commity or something gives you the stamp and that then allows you to use "Trusted" in the name of your project?
      • Re:Eh? (Score:5, Insightful)

        by ZenShadow ( 101870 ) on Monday April 21, 2003 @03:04PM (#5775482) Homepage
        Two words: marketing buzzword.
        • Profit?!? (Score:3, Insightful)

          by Pharmboy ( 216950 )
          Two words: marketing buzzword.

          1. Create more secure operating system.
          2. Give it away for free.
          3. ????
          4. PROFIT!

          Ok, I give, wtf _IS_ the third step that would require a marketing buzzword? I guess you can market for bragging rights, but I am guessing it was more of an afterthought than a business plan.

          I bet I can name everyone that has gotten rich on Debian on one hand.............and still have 5 fingers left.
      • Re:Eh? (Score:2, Informative)

        by Anonymous Coward
        It was somewhat implied. Debian has now diluted the use of the word.
    • trusted BSD (Score:4, Insightful)

      by bolthole ( 122186 ) on Monday April 21, 2003 @03:27PM (#5775664) Journal
      I forgot to mention in my original article, that "Trusted BSD" strives to meet the same security standards that Trusted Solaris does.
      "Mandatory Access Controls" and all that fun stuff.

      [www.trustedbsd.org]

      So, "Trusted Debian" is the odd man out.

    • Trusted according to some B2 level security criteria? Microsoft just got some kind of certification similar to that. This is bullshit. Getting these kind of certifications -- like getting the POSIX-compliant certification -- also costs millions of dollars, which FS and OSS developers can't afford and don't need.

      Putting some fucking label on a product like B2 level security is NOT going to make it any more or less secure. It is bullshit to assist the mindless masses, and it in fact hinders theme, because it
    • I don't believe trusted solaris has been b2 certified. It has passed a similar criteria evaluation though.
      • From Sun's Trusted Solaris site:

        Assurance

        In a trusted systems evaluation, product features must meet a specified set of criteria. Over the years, Sun products have successfully passed many government-sponsored evaluation programs. Trusted Solaris 8 software is currently in evaluation against the Common Criteria at the EAL4 level with the Labeled Security Protection Profile (LSPP - equivalent to the Orange Book - TCSEC - B1 class).

        So, it's equivelent to the B1 level. Don't have an Orange Book hand

    • >bad/evil marketing by debian
      This project is based on debian, but not by debian. It is an independent project. Hence it cannoty be bad/evil marketing by debian.
      • Good point. But if that is the case, they should not be able to have "Debian" in the name. They should only be able to use "Debian" in a product name, if it has been approved by Debian. (And I mean 'should' in the LEGAL sense, not just the moral sense)

  • speed? (Score:3, Interesting)

    by SHEENmaster ( 581283 ) <travis&utk,edu> on Monday April 21, 2003 @02:53PM (#5775404) Homepage Journal
    Don't all these "overflow checkers" kill the speed of C(++) apps? I'd like to see some comparisons between the two distributions.

    Are the packages the same or unique? If the latter, why not merge w/ the original code and help us all out?

    Is this better or worse than the NSA's secure kernel? Why is a new distribution required if a kernel is all that's changed?
    • Re:speed? (Score:2, Insightful)

      by lithron ( 88998 )
      Don't all these "overflow checkers" kill the speed of C(++) apps? I'd like to see some comparisons between the two distributions.

      Speed and security are two completely different objectives. If you are going to use something like Trusted Debian, its because the security is much more important than the speed. I mean, what good does speed do you after your web site is hacked?
    • It's not just the kernel that has changed. All of the code will have have been complied with -fstack, etc. so that not just the kernel, but the code itself is less likely to respond to stack overflows, etc. So you will be installing Trusted packages, instead of the standard woody packages.

      It also uses a different access mechanism (calls it RSBAC) as do most "Trusted" (i.e. security enhanced) distributions. Based on ACL's it allows the Sys Admin more granularity on determinig who can access what.
    • If you want security, write in Java. You will never get overflow attacks, will be able to restict access of potentially buggy code to files, network and so on and will greatly reduce the chance that your server will crash because of memory corruption. If you want top performance, write raw C code. If you want both, use JNI for tasks other than processing network data or a C++ class library with bound checking.

      The overflow checker only makes a difference when compiling buggy code. And in this case it leaves
      • by ZenShadow ( 101870 )
        If you want security, write in Java.

        This kind of naive attitude is why we have so much bloody buggy software. While changing programming languages may reduce a certain class of errors, it will never, ever, ever result in security. It can't. The programming language can't prevent a programmer from being stupid.

        If you want security, you'll actually have to do the one thing that few programmers actually take the time for in this industry: don't take shortcuts. Plan your software, plan your security m
    • Re:speed? (Score:5, Interesting)

      by evilviper ( 135110 ) on Monday April 21, 2003 @03:58PM (#5775864) Journal
      Don't all these "overflow checkers" kill the speed of C(++) apps?

      No. OpenBSD 3.3 has 4 different forms of buffer/memory/stack protection, and Theo says that, not only is there NOT a slowdown, but on a couple architectures, it actually speeds things up! [theaimsgroup.com]

      It seems that the Debian organization's main purpose is to emulate OpenBSD... They are dedicated to maintaining older, stable versions of software, they use NetBSD as the core of their Debian BSD distro, and now they almost directly copy OpenBSD's recent security efforts. [deadly.org]

      Not that there is anything wrong with that. I just find it very interesting.
      • Re:speed? (Score:3, Informative)

        by cpeterso ( 19082 )

        In Theo's post on theaimsgroup.com web site, I don't see anything supporting your assertion that OpenBSD's new memory protection "actually speeds things up".
        • Re:speed? (Score:5, Informative)

          by evilviper ( 135110 ) on Monday April 21, 2003 @05:10PM (#5776367) Journal
          I don't see anything supporting your assertion that OpenBSD's new memory protection "actually speeds things up".

          My mistake... I've read about all this stuff a while ago, so I didn't correctly remember which post talked about which aspects of it.

          It can be found in this magicpoint presentation. It's several pages into the presenatiton. it's plain text with some markup, so you can just grep through it (look for "sped") if you don't want to install magicpoint: http://www.openbsd.org/papers/csw03.mgp

          I've read it other places before I saw the presentation, but google isn't working very well to find them, I don't have links to everything (I'd have millions of links if I make a link of everything, and kept them for this long), and I'm not going to spend a lot of time tracking down where I read this stuff. Check out deadly.org, or the OpenBSD misc/tech mailing list archives if you want additional confirmation, and discussion on the subject of the speed-up...

  • SE Linux (Score:5, Interesting)

    by Erwos ( 553607 ) on Monday April 21, 2003 @02:54PM (#5775408)
    Does it use NSA's SE Linux kernel patches? Ordinarily, I don't see much use for them, but it seems exactly the sort of thing that you would want for a trusted system.

    -Erwos
  • by Anonymous Coward on Monday April 21, 2003 @02:54PM (#5775409)
    It's available on BudgetLinuxCDs.com as an upgrade to woody (recommended installation method)
  • by pyros ( 61399 ) on Monday April 21, 2003 @02:56PM (#5775418) Journal
    I'd like to know how many other UNIX sysems implement these kinds of technologies, except OpenBSD. How well do they compare? Again, I'd like to know how many other UNIX systems implement these safegaurds, except OpenBSD.

    hint - read the article before responding/modding

    • You suggest reading the article, yet the article says explicitly that this is the only distro other than OpenBSD (or, in one case, FreeBSD, and at the beginning, "encumbered" unices. So I guess I wonder, what would you know if somebody from the Trusted Debian project said, "The answer is seven."

      It seems to me that your question is poorly phrased. What is it that you really wonder?
  • trusted for what? (Score:4, Insightful)

    by 192939495969798999 ( 58312 ) <info AT devinmoore DOT com> on Monday April 21, 2003 @02:57PM (#5775426) Homepage Journal
    Where is it implemented that a trustworthy operating system is required? there should be a standard for printing the word "trusted" on a software program, so that everyone knows what everyone else is talking about. Companies shouldn't just be able to print "trusted", just like i can't print "low fat" on a hamburger if it's not up to some standard of "low fat".
    • Re:trusted for what? (Score:5, Informative)

      by nemaispuke ( 624303 ) on Monday April 21, 2003 @03:09PM (#5775531)
      If you work for the Government on classified systems they prefer "Trusted" versions of operating systems (Trusted Solaris, AIX, IRIX, etc.) These operating systems are approved for TCSEC B level security (Common Criteria EAL4 and higher). All parts of the OS are tested for Mandatory Access Control, extended auditing and logging, and data protection. installing any of these on a home system is overkill (and in the case of the ones I just mentioned, expensive). But if you are processing Top Secret information and want full audit trails and complete trust, these are the operating systems that will deliver it. The only thing I do not see with Trusted Debian is the extended auditing and logging. The secure code base is nice, but if they intend to get into the Government with this, I think they have a long way to go.
      • I'd say that until they get an external audit saying that they are B2 certified, they have a very long way to go.

        But then that does depend on your goals. Debian is the least corporate of all the Linux distro's. They have always been end user based and not corporation based. Indeed the goal of this project is "to create a secure Linux platform and make it available to everyone". They probably aren't concerned with the majority of criticisms in this thread because they aren't looking ot create a product
    • Re:trusted for what? (Score:2, Informative)

      by WetCat ( 558132 )
      For example: you have only one computer.
      You mostly do tho tasks on that computer:
      - Managing your money in spreadsheet.
      - Browse the web.
      In trusted RSBAC system you can create different
      levels of information protection: for example
      your spreadsheets will be marked "My Own Important
      Data" and you can have access to them only if you
      switch your security level to "Manage Important Data". In this case browsing will be disabled and only trusted programs will be allowed to run.
      No web data or malicious programs can then
  • by ih8apple ( 607271 ) on Monday April 21, 2003 @02:58PM (#5775441)
    Now that Debian is "Trusted" (like everyone else in the freaking industry picking up the same buzzword), it's time to remember Anti-Trustworthy Computing [salon.com].
  • why not use Cyclone? (Score:2, Informative)

    by Trepidity ( 597 )
    It seems like Cyclone [att.com] is designed explicitly for this -- somewhere where safety guarantees are worth some slight (but not major) performance penalties. It's a low-level language designed to be very compatible with C, but adds a bunch of safety features to the language (with a mind towards optimization; for example, you can declare a pointer "never-NULL" to avoid run-time NULL-pointer checking). And it gets rid of pretty much all buffer-overflow or pointer-dereferencing style errors, rather than just catch
    • You think we should rewrite the entire contents of the Debian distribution in a new programming language?
      • by Tom7 ( 102298 )
        I do think we should rewrite the legacy net applications. They are old, bloated, and full of security holes. Cyclone is a cool language that no low-level security nut can ignore, but I also don't think it's necessary to write network apps in low-level languages. That's really tedious.

        For instance, I rewrote ftpd in SML because I got sick of buffer overflows. It only took me a few days and the result was much leaner (wu_ftpd is 30,000 lines, mine was about 800) and definitely has fewer buffer overflows / he
      • Really important stuff, like say SSHd, should be written in something safe. Just compiling in bounds-checking in an ad hoc manner is both slower and less safe than writing it safely to begin with.

        Though as the other poster mentioned, if people just abandoned C in the first place, we'd solve a lot of the problems. Cyclone is nice in that it's a way for people who still want C's low-level control to abandon C's security holes without using a high-level language like SML.
    • by Anonymous Coward on Monday April 21, 2003 @03:27PM (#5775662)
      I know this is not an answer to many problems, but I wonder, why there is no biger efford put into binary sandboxing. I would LOVE to limit rights of sub-processes. Possible solution would be a user (group) submask. To explain what I mean:

      Suppose you are an ordinary user with 32 bit UID
      00 00 00 A7 and mask FF 00 00 00, given by the administrator. This mean you can acces all files (and resources) to which you can "chameleonise" UID to xx 00 00 A7

      You can also run a subproces, say, x1 00 00 A7 with rights further restricted. This mean that the parent process will have the acces to all result of the child, but not vice-versa. Now you can run a network browser, email program, downloaded binary-only spyware etc. in their own sandboxes with access to particular resources only (say a directory with ownership 01 00 00 A7). They would not mess-up anything else... You would be able to limit network access etc.

      Roman Kantor

      PS: The beauty of this hack is that it can work with standard POSIX filesystems, you need to add masks only to processes. I am not sure how difficult would be to hack the linux kernel, but it should be relatively straightforward.
  • by Anonymous Coward on Monday April 21, 2003 @03:01PM (#5775458)
    Now it is more secure than Debain Stable and more out-of-date.
  • Trusted Gentoo (Score:5, Informative)

    by chrysalis ( 50680 ) on Monday April 21, 2003 @03:01PM (#5775459) Homepage
    Please note that Gentoo Linux also comes with a propolice enabled GCC and a PaX-enabled kernel.

    It's up to you to use them or not.
  • by flacco ( 324089 ) on Monday April 21, 2003 @03:05PM (#5775495)
    ...that i never trust any product that has the word "trust" in it?
    • "Why is it... ...that i never trust any product that has the word "trust" in it? "

      It's probably an immune reaction to all the fud that flew around Slashdot during the Microsoft anti-trust suit.
    • No really. Imagine if someone told you of this über-super-deluxe secure system, and told you to "trust me" on that. I'd be a lot more sceptic than if they just gave me a demo and said "have a go at it, see what you think". Why? Because any college drop-out can say "trust me". But actually having something that looks secure and robust is in fact far more complex, even that too might be just good snakeoil.

      Kjella
  • Why not OpenBSD? (Score:5, Interesting)

    by unixbob ( 523657 ) on Monday April 21, 2003 @03:06PM (#5775503)
    I'm not trolling here, but I can't see the benefit of this over OpenBSD.

    Admittedly there are apps that run under Linux that don't run under OpenBSD (namely commercial apps) but in this case, I would expect that running those apps on this system would lose the "Trusted" lack of buffer overflow possiblities etc., which defeats the object of the distribution. And the lack of commerical certification for this product would bely using it for such a reason anyway.

    A cursory glance over their website doesn't show me anything which would me want to choose this over OpenBSD. In fact given the maturity of the OpenBSD project, and the man hours that have gone in to that piece of work, that is likely to be my first port of call anyway.

    I'm not trying to put down the trusted debian guys, I just fail to see the point of their work (apart from the old - "why not" reason). So, if not for the licensing issue which debian has always held close to, why would anyone pick this over OpenBSD?
    • ...does OpenBSD also have the Kernel protections mentioned in the original story? And what version was/will-it-be introduced? I took a cursory look at the site, but though I'd be lazy and throw the question your way :)

      • Yo. :$

        to quote [trusteddebian.org]
        There is no other UNIX system which adds the same kind of protection against buffer overflows and at the same time protects against some less well-known or even some unknown problems. Except for OpenBSD
        OK, the next line does say that the trusted debian developes think that OpenBSD falls short on these things. Having seen the maturity of the trusted debian project, it seems to me that whilst this may or may not be true, certainly trusted debian has a long way to go before it can accomp
      • by honold ( 152273 )
        look at the top 2 items of this link [openbsd.org]

        propolice is the same gcc stack protection that trusted debian uses, written by the same author whose email address is etoh@openbsd.org.

        w^x is similar in concept to pax, but it is faster and doesn't break applications.

        this has produced a hilarious 'debate' on the openbsd misc mailing list, as evidenced in threads like this [theaimsgroup.com] and this [theaimsgroup.com]
    • Especially when you can get Linux emulation in OpenBSD [bsdtoday.com].
    • Re:Why not OpenBSD? (Score:2, Informative)

      by ZenShadow ( 101870 )
      The reason "why not" is actually stated as one of the project's motivations: they want to make running a "secure" system easy for the normal user. OpenBSD is definitely a reasonably nice system, but easy it is not. Unless something has changed in the last three or four years, anyway...

      • Depends what you are after I guess. If you want a secure and locked down system then you are going to have to put some work in to it yourself. What is the point of installing OpenBSD / Trusted Debian with a root password of "password", etc. If you want trustable security then you need to look at a platform that provides you with the tools to lock the system down.

        I can understand how it may be easier to do that with a Linux distribution than a BSD based distro due to familiarity. However my Linux expe
    • Taking this one step further, I really don't see the need for more than a couple of Unix-like OSes.
      Does each of these *really* have some unique features that just couldn't be added to one of the main distributions?!

      Let's see... we have OpenBSD, NetBSD, BSDI, FreeBSD, Solaris, HP-UX, AIX, Tru64, IRIX, UnixWare, SCO, Mac OSX,

      Of course just for Linux we have: RedHat, Mandrake, Debian, Slackware, SuSe, Caldera, Gentoo, Antartica, Lycoris, Yggdrasil, Conectiva, Corel, Elfstone, RockLinux, SharkLinux, Sisyphus,
      • When was the last Yggdrasil release? 1994? Did they even make the move from a.out to ELF like they said they would?

        News update: Kurt Cobain is dead. The White House and Congress are both under Republican control. The Dallas Cowboys suck.

        Yggdrasil?!?!?!

    • The benefit over OpenBSD could be stuff like:
      name recognition amoung the suits (they have heard about linux, but probably not OpenBSD (as opposed to nerds).
      prepackaged binaries? (not sure if OpenBSD has that).

      I can see a market for commercial apps that is targeted for a "trusted OS". It would properly be
      easier to use Trusted Debian for this for a "desktop" rather than OpenBSD, even though both are possible.

      True OpenBSD does have an impressive record, but that doesnt mean that cant be space for more "trust
  • A trusted 1.0... (Score:5, Insightful)

    by japhar81 ( 640163 ) on Monday April 21, 2003 @03:11PM (#5775550)
    I'll call an OS trusted after its been deployed for at least a year with no intrusions.

    How do you call 1.0 of something 'trusted'? Regression testing and looking good on paper is great, but until you can prove that the damn thing works (i.e. make me trust it) it ain't trusted.

    That said, I'm going to grab my copy and play around. We need more security-focused distros. BSD has it right (no remote exploits with a base install), linux needs to do a little catching up in the access control area.
  • Other distros? (Score:3, Insightful)

    by Anonymous Coward on Monday April 21, 2003 @03:18PM (#5775595)
    Shouldn't we be pushing to get this integrated into other linux distros?

    If Redhat, for example integrated in into RH 10 or Mandrake into 9.2.
  • Firewall anyone? (Score:3, Interesting)

    by Lumpy ( 12016 ) on Monday April 21, 2003 @03:18PM (#5775596) Homepage
    I can see this as a use for a firewall or in the wild pc.

    If you own a PC and you dont have a firewall between it and the internet, you are pretty damned dumb.

    This really is of no use to the average user.

    I'd love to see a floppy distro for floppy firewall set up from it though. (upgrade the kernel to 2.4 so we can use modern firewall rules.)
    • Re:Firewall anyone? (Score:3, Interesting)

      by Anonymous Coward
      If you own a PC and you dont have a firewall between it and the internet, you are pretty damned dumb.

      Everyone always says this, but nobody seems to think about it. Why, exactly do I need a firewall between my PC and the internet at large? I keep up with my patches, I don't execute email attachments (I don't even use Outlook), I'm not "pretty damned dumb" in general... What is a firewall protecting me from, if I'm already being good about security? Anyone want to explain that to me?
      • To protect you when you misconfigured, for one.
        Are you sure webmin is configured to not accept remote connections? And xfs? And {x,d,g}dm? And mysql?

        And so on.
        Much easier to say explicitly say what you _do_ want to be allowed access to from the internet, than to try to make everything is always configured correctly. Of course want to do make sure it is also configured correctly, but a firewall will help you when you do make a mistake. Not to mention when you automatically upgrade a piece of software and
      • Post your IP address and let /. demonstrate!
  • Why copy OpenBSD (Score:2, Insightful)

    by mnmn ( 145599 )

    I think OpenBSD has been at it with such efforts for a while. Why is FreeBSD shifting its niche, or nudgeing OpenBSD out of the ring?
  • Whats in it for me? (Score:5, Interesting)

    by jasno ( 124830 ) on Monday April 21, 2003 @03:22PM (#5775631) Journal
    I run a home gateway box with SSH, IMAP, and Apache on open ports. I check for updates daily, and no one else has an account on my box.

    Is there any compelling reason for someone like me(and most /. users) to use something like this? Can someone sum up the benefits?

    I'm not downplaying the importance of this kind of project. I can see its usefulness in a corporate environment. I'm just wondering if there's anything I'm forgetting on my current machine, and if this is a good way to address those problems.
    • There were exploits in SSH and SSL not very long ago. Who knows if some script kiddie nmap'ped your whole ISP and grepped his/her list for SSH servers to try to get into? Sometimes a bit of paranoia doesn't hurt.
    • The easy answer is that you are more protected. Security is a combination of a variety of things. You don't benefit from running the most up to date version of Apache, if your ssh is 6 months old and full of known holes.

      You are probably the kind of person who will get this most beneift from a project like this because you are aware of security issues and are proactive about it. I'm guessing you've spent time locking down your email, ssh and www services so that they can't be abused. So you are going
  • Trusted Computing. (Score:4, Insightful)

    by mindstrm ( 20013 ) on Monday April 21, 2003 @03:28PM (#5775678)
    All the stuff about buffer overflows, code audits, stack randomization... those are all attempts at plugging security issues.
    None of them really have anything to do with "trusted computing".

    Trusted computing is normally about 2 things: Making sure that nothing has access to anything it's not supposed to, and making sure that there is an audit trail for who did what.

    Example: Normal linux distributed -vs- NT.

    Okay... I hate windows.. but....

    Ever been frustrated because, in windows, if someone sets permissions on a directory they own, and says administrator can't access it... when administrator tries to access it, he gets denied?
    In unix, of course, root just ignores said permissions.. or changes them.
    In NT.. administrator has to first take ownership of the object THEN change the permissions... and administrator can't assign ownership back to the other user (though of course, administrator can grant access to the object).
    Why? So there is a trail of events. Your file was changed? You say you didn't do it? IF administrator did it, it will show in the file permissions.

    • by WetCat ( 558132 )
      RSBAC [rsbac.de] (mentioned here)
      does that and more.
    • assuming the administrator has physical access to the machine, he can diddle with the disk directly, so is this just a false sense of a security?

      Presumably the administrator can run programs to defrag the disk and repair the disk, and these require direct (and often online) access to the raw data -- they could probably play with the data while the machine is up bypassing the entire permissions model.

      And where does this leave you? With the administrator saying in a court of law "It couldn't be me! You wo
      • Switching to linux - there are patches (or modules for the linux security modules) that restrict roots privileges so that they don't have rights to defrag, or fdisk or access directories you configure it at as.
        The usual way this works is that if you do need to make changes that root isn't allowed, then you need to have physical access to the machine. Then you switch to a particular console (not an xterm, and not all consoles - just one or two of them would be valid) log in as root, and then you sort of su
    • Trusted computing is normally about 2 things: Making sure that nothing has access to anything it's not supposed to, and making sure that there is an audit trail for who did what.

      Ah, I get it! Trusted computing is about not trusting anyone!

    • Ever been frustrated because, in windows, if someone sets permissions on a directory they own, and says administrator can't access it... when administrator tries to access it, he gets denied? In unix, of course, root just ignores said permissions.. or changes them.

      To be more precise that depends on the filesystem; one of the strong points of AFS [openafs.org] is that not only root cant access the files but it can't also change the permissions of the shared AFS namespace. Since it uses Kerberos only users with the pr
  • Trusted? (Score:4, Funny)

    by Anonymous Coward on Monday April 21, 2003 @03:34PM (#5775720)
    Trusted sounds past tense. Almost like Debian was trusted at one point, but not anymore; that doesn't do much to instill confidence does it?. I propose a name change to "Trusting" Debian, as it sounds much nicer. Better still, we should drop the word Debian (how many people know what a Debian is anyhow?) and just go with the generic word "Computer". Now it's "Trusting Computer". See how that works?

    Everyone likes a trusting computer.
  • by linuxbaby ( 124641 ) on Monday April 21, 2003 @03:50PM (#5775807)

    On a normal Linux system running Slashdot, we see this:

    • Article #3 Posted again
    • Article #4 Posted
    • Article #2 Posted again
    • Article #1 Posted again
    • Article #3 Posted
    • Article #2 Posted
    • Article #1 Posted

    On a Slashdot running one of the Trusted Debian kernels, you will see something like this:

    • Article #4 Posted
    • Article #3 Posted
    • Article #2 Posted
    • Article #1 Posted

    As you can see every value is different.

  • What are the benefits of implementing this versus an OpenSBD box? I would think that OPENBSD has the highest level of security fanaticism needed but maybe Debian can top that :)
    Guess the whole OSS community benefits.
  • by FattMattP ( 86246 ) on Monday April 21, 2003 @04:13PM (#5775956) Homepage
    If all of this stuff is so good and improves security, why isn't it rolled into the main Debian distribution?

"Hello again, Peabody here..." -- Mister Peabody

Working...