Anybody interested in building an absolutely secure linux system?

From: azuredu (xiao_at_unice.fr)
Date: 04/29/05


Date: 29 Apr 2005 03:02:06 -0700


Hi there,

I am looking for people interested in cooperating with me for a project
to build a strictly unbreakable linux system.

Maybe you have seen my announcements of sysmask
(http://wims.unice.fr/sysmask/doc/) and its demo challenge
(http://wims.unice.fr/wims/wims.cgi?module=adm/unice/challenge).
Sysmask is only the first step in the project. It protects the system
in case a network daemon is compromised. However, sysmask alone is
not enough, for the network service assured by the daemon is still
disturbed by the attack, and in some cases (such as sshd) the
consequence is still important.

So the next step is to develop vulnerability-tolerant network daemons,
whose services will not be interrupted even if a vulnerability in the
daemon software is exploited, and even if arbitrary code is executed
due to that.

Skeptical? This is now easily realisable. And the idea is very simple:
you just have to let each network connection be served by a separate
process of the daemon. This process has all its system access rights
restricted by sysmask so that it can do no harm to anything else except
to the assigned connection. So if the process is compromised, the
consequence is limited to the connection of the attacker himself.

Otherwise, the ever-living daemon itself is nothing more than a port
listener and a process dispatcher. It prohibits itself from reading the
network requests (the reading is done by the child processes), so that
specially crafted requests cannot compromise it.

My first target is sshd. In the meantime, we should deny access of
/etc/shadow and the site private key to the daemon, moving
authentication to a well-shielded system login daemon. The latter can
now implement more intelligent algorithms to make cracking by
exhaustion impossible, so that even easily rememberable passwords will
become more secure than today's "secure" passwords em%4G*^z.

Details will be explained to people interested in doing something in
this project: please write to me directly at xiao@unice.fr, with the word
"sysmask" in your message.
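
Added example, not part of the original post and not sysmask code: a sketch of the dispatcher design described above, in which the parent only forks one child per connection and never reads request bytes, while the child restricts itself before parsing anything. The rlimit calls are an assumed stand-in for a sysmask policy, the function names are hypothetical, and the "connection" is a constructed socketpair so the demo runs offline.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
/* Stand-in for a sysmask policy (assumption): no new descriptors, no core dumps. */
static void restrict_child(void) {
    struct rlimit none = {0, 0};
    if (setrlimit(RLIMIT_NOFILE, &none) || setrlimit(RLIMIT_CORE, &none)) _exit(2);
}
/* Child only: the one place where request bytes are read and parsed. */
static void handle_connection(int fd) {
    char req[64] = {0};
    const char *out = req;                          /* default: echo the request */
    if (read(fd, req, sizeof req - 1) <= 0) _exit(1);
    if (strcmp(req, "crash") == 0) abort();         /* simulated compromise */
    if (strcmp(req, "open") == 0)                   /* restricted: open() gives EMFILE */
        out = open("/etc/passwd", O_RDONLY) < 0 ? "denied" : "opened";
    _exit(write(fd, out, strlen(out)) < 0);
}
/* Dispatcher: one child per connection; the parent never reads from conn_fd. */
pid_t dispatch(int conn_fd) {
    pid_t pid = fork();
    if (pid == 0) { restrict_child(); handle_connection(conn_fd); }
    close(conn_fd);                                 /* drop our copy unread */
    return pid;
}
/* Demo client over a constructed socketpair; returns exit status or -signal. */
int probe(const char *req, char *reply, size_t cap) {
    int sv[2], status = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1000;
    if (write(sv[0], req, strlen(req)) < 0) return -1000;
    pid_t pid = dispatch(sv[1]);
    ssize_t n = pid > 0 ? read(sv[0], reply, cap - 1) : 0;
    reply[n > 0 ? n : 0] = '\0';
    close(sv[0]);
    if (pid <= 0 || waitpid(pid, &status, 0) < 0) return -1000;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}
int main(void) {
    const char *reqs[] = {"hello", "open", "crash", "hello"};
    char reply[64];
    for (int i = 0; i < 4; i++)
        printf("%-5s -> status %d, reply \"%s\"\n", reqs[i],
               probe(reqs[i], reply, sizeof reply), reply);
}
```

A long-running dispatcher would reap children from a SIGCHLD handler and close its listening socket in each child; here `probe` waits for the child directly to keep the demo short.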


