Re: more on linux hardening

From: Seth Arnold (sarnold_at_wirex.com)
Date: 05/27/03

  • Next message: Valter Santos: "Re: hardening scripts"
    Date: Tue, 27 May 2003 12:10:55 -0700
    To: focus-linux@securityfocus.com
    On Mon, May 26, 2003 at 06:17:00PM -0400, Mike Lockhart wrote:
    > Are there any good quality papers on creating a system from scratch (not
    > LFS though) that can be trusted 100%? To further elaborate on what I
    > mean, I'd like to find a way to build from source a trusted system that
    > is running only binaries/libs that are built from a trusted compiler,
    > etc.

    This problem is more or less insurmountable without a HUGE budget.

    Consider that the CPU, MMU, PCI Bus, hard drive controller, hard drives,
    etc, all have chips designed with software. That software has to start
    from somewhere. With what? A trusted operating system built from the
    ground up? What CPU, MMU, PCI bus, etc, was that OS designed and built
    on? :)

    This is perhaps taking the chicken/egg scenario further than it needs
    to be taken, but it is a useful thought exercise to consider just what
    is involved in producing an operating system. Perhaps a sufficient
    work-around for the problem is targeting the OS for several different
    platforms, as trojans in hardware are a lot less likely to work across
    multiple architectures than on a single architecture. Allow hardware
    diversity to provide "bounds" on the probability that the hardware does
    something unseemly, rather than prove from the start that the hardware
    doesn't do something unseemly.

    A first step to getting a trusted toolchain is an assembler. You'll need
    to write the first assembler in opcodes by hand using a binary editor of
    some sort, perhaps comparing the results on multiple operating systems
    (diversity to provide bounds on probabilities, rather than trusted
    base), then build a more intelligent assembler out of those tools, then
    build a compiler, then re-write the compiler in a higher-level language
    (as it is likely the only useful way to write an operating system kernel
    is in a language best supported by a compiler written in a high-level
    language), etc.

    Big Budget. :)

    -- 
    "So the whole internet is a Ponzi scheme" -- Jon Stewart
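The bootstrap step Seth describes, hand-typed opcodes that a first tool must then reproduce, can be checked mechanically: the bytes a human entered with a binary editor (stage 0) and the bytes a freshly written assembler emits for the same program (stage 1) must agree exactly, and the same agreement test is the "diversity" check for builds from several hosts or toolchains. The following is an added example, not code from the post or from any project it mentions. It assumes x86-64 Linux, a deliberately tiny instruction subset (mov r32, imm32 and syscall), a constructed exit(42) program standing in for the real stage-0 assembler, and a minimal one-segment ELF layout; every name in it (STAGE0_EXIT_42, assemble, build_elf, cross_check, run_elf) is invented here.

```python
"""Stage-0 / stage-1 bootstrap cross-check for a tiny x86-64 assembler.

Illustrative example, not code from the original post. The instruction
subset, the sample program and all names are invented here.
"""
import hashlib
import os
import platform
import struct
import subprocess
import tempfile

# Stage 0: machine code typed in by hand with a hex editor, one byte at a
# time, from the Intel opcode tables. This is the only artifact whose trust
# rests on the human rather than on a tool. The program is exit(42):
#   mov eax, 60   -> b8 3c 00 00 00   (SYS_exit on x86-64 Linux)
#   mov edi, 42   -> bf 2a 00 00 00
#   syscall       -> 0f 05
STAGE0_EXIT_42 = bytes.fromhex("b83c000000bf2a0000000f05")

# The same program as assembler source, for stage 1 to process
# (constructed sample input).
EXIT_42_SRC = """
    # exit(42) via the Linux x86-64 syscall ABI
    mov eax, 60
    mov edi, 42
    syscall
"""

# Stage 1: a minimal assembler. Only the encodings needed here are known;
# anything else is an error rather than a guess.
REG32 = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3,
         "esp": 4, "ebp": 5, "esi": 6, "edi": 7}


def assemble(source: str) -> bytes:
    """Assemble the supported subset (mov r32, imm32; syscall) to raw bytes."""
    out = bytearray()
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        mnemonic, _, rest = line.partition(" ")
        if mnemonic == "syscall" and not rest:
            out += b"\x0f\x05"
        elif mnemonic == "mov":
            reg, _, imm = (p.strip() for p in rest.partition(","))
            if reg not in REG32:
                raise ValueError(f"line {lineno}: unsupported register {reg!r}")
            value = int(imm, 0)
            if not 0 <= value <= 0xFFFFFFFF:
                raise ValueError(f"line {lineno}: immediate out of range")
            # mov r32, imm32 is opcode 0xB8 + register number followed by a
            # little-endian 32-bit immediate (zero-extended into the 64-bit reg).
            out += bytes([0xB8 + REG32[reg]]) + struct.pack("<I", value)
        else:
            raise ValueError(f"line {lineno}: cannot encode {line!r}")
    return bytes(out)


def build_elf(code: bytes, base: int = 0x400000) -> bytes:
    """Wrap raw code in the smallest static ELF64 Linux will load: one ELF
    header, one PT_LOAD program header, and the code directly after them."""
    ehdr_size, phdr_size = 64, 56
    entry = base + ehdr_size + phdr_size
    total = ehdr_size + phdr_size + len(code)
    ehdr = struct.pack(
        "<16sHHIQQQIHHHHHH",
        b"\x7fELF\x02\x01\x01" + b"\x00" * 9,  # ELF64, little-endian, SysV ABI
        2, 0x3E, 1,                            # ET_EXEC, EM_X86_64, EV_CURRENT
        entry, ehdr_size, 0, 0,                # e_entry, e_phoff, e_shoff, e_flags
        ehdr_size, phdr_size, 1, 64, 0, 0,     # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    )
    phdr = struct.pack(
        "<IIQQQQQQ",
        1, 5,                                  # PT_LOAD, PF_R | PF_X
        0, base, base, total, total, 0x1000,   # offset, vaddr, paddr, filesz, memsz, align
    )
    return ehdr + phdr + code


def cross_check(builds: dict) -> bool:
    """The diversity check from the post: independent producers of the same
    artifact (name -> bytes) must agree byte for byte. True only if every
    build hashes identically."""
    digests = {hashlib.sha256(blob).hexdigest() for blob in builds.values()}
    return len(digests) == 1


def run_elf(code: bytes):
    """Execute the wrapped code and return its exit status; None off x86-64 Linux."""
    if platform.system() != "Linux" or platform.machine() != "x86_64":
        return None
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(build_elf(code))
        path = f.name
    os.chmod(path, 0o700)
    try:
        return subprocess.run([path]).returncode
    finally:
        os.unlink(path)


if __name__ == "__main__":
    stage1 = assemble(EXIT_42_SRC)
    # If stage 1 does not reproduce the hand-typed bytes, something between
    # the opcode table and the assembler is lying.
    print("stage-0 == stage-1:", cross_check({"hand": STAGE0_EXIT_42, "stage1": stage1}))
    print("exit status:", run_elf(stage1))
```

The point of the design is that the only thing the reader must trust by inspection is the twelve-byte STAGE0_EXIT_42 string; the assembler, the ELF wrapper and the host toolchain are all checked against it rather than assumed. To apply the same test across hosts, feed cross_check the bytes each machine produced for the same source; one dissenting hash is the signal the post is after.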
