DARPA to Fund Open Source Security Research
divert writes "Just got an email on the SEC-PROG mailing list that DARPA is looking to fund security research for open source operating systems." Maybe someone should just tell them about OpenBSD, save some time and money.
michael, dude... (Score:2)
This is sooo arrogant, I'm disgusted. Dude, you're talking about DARPA. They funded the development of The Internet. Were it not for them this site wouldn't exist.
Re:openbsd (Score:2)
There are environments where you need performance and security. This is especially true of supercomputing environments where different people with different security levels all have access to the same physical machine(s).
Just because you have a firewall, doesn't mean you aren't prone to attack. You are certainly less likely to be attacked from the outside world, but who said the attack had to come from the outside world?
If you have a person with physical access to a machine you are trying to secure, it should still be extremely difficult for the person to gain entry into it.
Don't bother to submit as an independent. (Score:2)
Yes, it's a very inbred, good-ol-boys type of process, but that's life in military research...
"If I have seen further... (Score:2)
*Real* research is about incremental improvements to the existing base of knowledge.
If they could do this one... (Score:3)
That'd help.
Sounds like they have some pretty high goals that require a lot of cooperation between various groups. I wonder how they intend to solicit that cooperation.
Re:DARPA - The government gets involved. (Score:1)
Namely, StackGuard [immunix.org] and several of the other Immunix [immunix.org] technologies were developed under DARPA grants.
Wil
--
Re:Of course they aren't going to use BSD... (Score:1)
And let's also not forget a little startup that got its start from DARPA: Sun Microsystems.
*** Linux Intrusion Detection System *** (Score:1)
www.lids.org [lids.org]
I am running it on a test system and I am extremely impressed. It implements capabilities allowing you to assign least privilege so if someone gets root on the box they still can't do anything. No longer do you need to open yourself up to attack just because a program needs to bind to a low-numbered port, for example. It's a huge boost to the security of any Linux system. This plus the standard techniques used to secure a box can really lock things down.
Methodology? (Score:1)
I know just the methodology they need: get more people to do the code audit.
___
Re:DARPA Involvement (Score:1)
Re:unix badness (Score:1)
Re:OpenBSD is not a Trusted System (Score:1)
Re:OpenBSD is not a Trusted System (Score:1)
I was at the last CHATS workshop and both OpenBSD and TrustedBSD were present, along with representatives from the Linux community and other open source projects as well as commercial vendors.
While OpenBSD may be secure, it is not trusted and will never meet the requirements for a highly trusted system (LSPP/the old B1). This is because Theo's customers don't want it (as I recall it).
richard.
Re:openbsd (Score:1)
It has no SMP support for one thing.
Why does this matter? Sure doesn't matter if you're running a firewall.
Re:Of course they aren't going to use BSD... (Score:3)
Who do you think put up the money to develop BSD in the first place? DARPA, of course.
OpenBSD (Score:2)
I've seen OpenBSD folks make a lot of claims, but I've never before seen one claim that all research into secure OSes should come to a halt now that it exists.
-
Re:michael, dude... (Score:2)
OBTW, DARPA funded the development of BSD as well.
Re:Then let Open BSD people submit a proposal. (Score:3)
It's a lot easier if you affiliate yourself with a business or academic institution that already does business w/DARPA.
Re:unix badness (Score:1)
a) Accessing the net is fine, but setting up a server is not allowed (helps defeat trojans).
b) Just for safety, my Napster client may only access MP3s on my hard disk. MP3s on my hard disk and the NFS share are accessible to everybody. The Napster client may not access any other file except for its configuration, etc.
c) User joe may not run X, only console.
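The per-application policy the post above asks for, written out as a small default-deny evaluator. This is an added example, not code from the thread or from any real sandbox; the application names, paths and the "net:host:port" target spelling are assumptions made for the demonstration. The point it adds is the check a practitioner needs before matching any path-based rule: canonicalise the request first, otherwise a glob like /home/joe/music/*.mp3 also matches /home/joe/music/../secret.mp3.

```python
"""Default-deny, per-application file and socket policy (constructed example)."""
import fnmatch
import posixpath

READ, WRITE, CONNECT, LISTEN = "read", "write", "connect", "listen"

# Rules are (pattern, rights). "*" is the scope that applies to every application.
# Assumed names: "napster" is the Napster client, "/home/joe" the user's home.
POLICY = {
    "napster": [
        ("/home/joe/music/*.mp3", {READ, WRITE}),
        ("/mnt/nfs/music/*.mp3", {READ, WRITE}),
        ("/home/joe/.napster/*", {READ, WRITE}),   # its own configuration only
    ],
    "*": [
        ("/home/joe/music/*.mp3", {READ}),          # MP3s are readable by everybody
        ("/mnt/nfs/music/*.mp3", {READ}),
        ("net:*", {CONNECT}),                       # outgoing is fine; LISTEN is never granted
    ],
}


def canonical(path):
    """Lexically normalise a path: reject relative paths, collapse '.' and '..'."""
    if not path.startswith("/"):
        raise ValueError("relative path: %r" % path)
    return posixpath.normpath(path)


def unnormalised_match(target, pattern):
    """What a naive matcher does: fnmatch's '*' happily spans '../'."""
    return fnmatch.fnmatchcase(target, pattern)


def allowed(app, target, right):
    """True only if some rule for `app` (or for '*') grants `right` on `target`."""
    if not target.startswith("net:"):
        target = canonical(target)
    for scope in (app, "*"):
        for pattern, rights in POLICY.get(scope, ()):
            if fnmatch.fnmatchcase(target, pattern) and right in rights:
                return True
    return False   # default deny: anything not listed is refused


def demo():
    """Decisions for the three rules in the post plus the '..' escape attempt."""
    return {
        "napster reads mp3": allowed("napster", "/home/joe/music/song.mp3", READ),
        "napster writes thesis": allowed("napster", "/home/joe/thesis.tex", WRITE),
        "dotdot escape": allowed("napster", "/home/joe/music/../secret.mp3", READ),
        "napster connects": allowed("napster", "net:203.0.113.5:6699", CONNECT),
        "napster listens": allowed("napster", "net:0.0.0.0:6699", LISTEN),
        "editor reads mp3": allowed("editor", "/mnt/nfs/music/a.mp3", READ),
        "editor writes mp3": allowed("editor", "/mnt/nfs/music/a.mp3", WRITE),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-22s %s" % (k, "allow" if v else "deny"))
```

Lexical normalisation is only the first half of the check: it does nothing about symlinks, so a userspace evaluator like this one decides on a name while the kernel opens whatever the name resolves to at that moment. An enforcement point that wants to be trustworthy has to see the resolved object, which is exactly why the thread keeps coming back to kernel support rather than an add-on.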
Re:DARPA Involvement (Score:2)
Re:unix badness (Score:2)
I think the point is to push the state of the art ahead, not fiddle with existing systems. I mean your analogy is similar to "Would you rather take a bicycle or a skateboard to fly to the moon" instead of researching how to make rockets.
Re:unix badness (Score:1)
But thats not the choice.
Its unix vs. writing a new os.
New OS wins for me.
Re:unix badness (Score:1)
Re:unix badness (Score:1)
Read it again. Stop worshipping at the altar of unix.
It is not perfect.
Typing from a unix system... damn, still no IE-beating browsers yet!
Re:SUBTERFUGUE (Score:1)
Hacks to the unix security model are nothing new, and are also nothing interesting. Posix ACLs, privilege bits, online tripwire-style things, ptrace abusers, are all pretty damn skanky.
And I would prefer an elegant unix with lax security that I know the limits of, to a clunky add-on-laden unix with no real coherent security model.
Of course, an OS that used a capability model would be better...
Re:uninformed: redefine userspace as app-space? (Score:1)
to be secure, there are lots of user accounts. Each bit runs under a different one.
Unfortunately, it's just a hack. To add users you need root access, i.e. ultimate boredom for root. Or package management nightmares with coordinating uids. Maybe this could be solved with a better PAM plugin.
However, if you make a new user for every app automatic, kernel checks go like this:
userspace:
    system_call(arg1, arg2, ...);
kernelspace:
    user = current_program->user;
    do_check_on_whether_user_is_allowed(user);
    /* this could be: looking through a set of ACLs on a file,
       checking a privilege bit, or checking if the uid is 0 */
    do_the_job();
In a cap-based OS:
userspace1:
    call(cap, arg1, arg2, ...);
kernelspace call handler:
    dest = get_dest(cap);
    copy_args_to_dest(dest);
    schedule_dest();
    (dest can be kernel or user task)
dest:
    do_the_job();
So in a cap-based OS the possession of a cap means you are allowed to do something. No funky checks. The checks are done in userspace (no kernel policy) when you are given the caps.
So doing this in a unixy OS would be drastically inefficient if it was done system-wide.
Re:OpenBSD is not the be all and end all... (Score:1)
is system security. I.e. you don't want to get rooted.
But to be honest, I don't trust most programs I run with my own files. I don't want the huge unaudited mozilla to be able to write to my thesis.
That's where unix cannot be fixed in an efficient way. You need to fundamentally break posix, unfortunately.
Re:OpenBSD is not the be all and end all... (Score:2)
You seem to have got the userspace/kernelspace split mixed up with the root/normal user split.
The first is a difference in memory mapping. When you are running a normal program, your own memory is mapped appropriately as some of readable, writable, and executable. The kernel is always mapped non-readable, non-writable, and non-executable. When entering the kernel (e.g. system call, page fault, interrupt), the kernel memory is changed to be readable, writable, and executable.
The second is how the kernel responds to system calls. When a system call is called, if it is a privileged operation, the kernel will perform a check to see if the program is allowed to do this.
In old unix, this was often just a check to see if the uid in the process control structure was 0. In linux, it is usually a check of a privilege bit (evilly called capabilities by posix and linux). So different processes can have different sets of privileges.
So, in unix, you su to root. This doesn't make you run in kernel mode. You are still running just like a normal user. The only difference is, when you do a system call, the kernel grants you a special privilege to bypass normal security checks.
This is weirdo special casing. Not nice.
In a capability system, a token is passed along with any other arguments to a system call. This token proves to the kernel that you are allowed to do the call you asked for. No weird special cases. No acl systems or even the concept of a "user" in the kernel.
This can and is being implemented on x86. See eros - www.eros-os.org
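The two dispatch paths sketched in the pseudocode a few posts up, and contrasted again in the post above, as a runnable toy model. This is an added example, not code from the thread, from EROS or from any real kernel: the "kernels", task names, file names and the DAC_OVERRIDE privilege-bit label are all made up for the demonstration. It shows the one thing the prose can only assert: under ambient authority a browser launched by uid 1000 can clobber any of 1000's files because the check looks at who called, while under capabilities it can only do what the token it was handed allows, and it cannot mint a wider token for itself.

```python
"""Ambient-authority checks versus capability dispatch (constructed toy model)."""
from dataclasses import dataclass

READ, WRITE = 1, 2


class Denied(Exception):
    pass


# ---- ambient authority: the do_check_on_whether_user_is_allowed() path ----
@dataclass
class UnixFile:
    acl: dict          # uid -> rights bitmask
    data: str = ""


class UnixKernel:
    def __init__(self):
        self.files = {}

    def syscall_write(self, uid, privs, path, data):
        f = self.files[path]
        # The three checks named in the pseudocode: uid 0, a privilege bit, an ACL hit.
        if uid == 0 or "DAC_OVERRIDE" in privs or f.acl.get(uid, 0) & WRITE:
            f.data = data
            return
        raise Denied(path)


# ---- capabilities: possession of the token is the whole check ----
@dataclass(frozen=True)
class Cap:
    obj: object        # the kernel object this token designates
    rights: int        # what may be done through it


class CapFile:
    def __init__(self, data=""):
        self.data = data

    def invoke(self, rights, op, *args):
        # The object interprets the rights bits it was invoked with; there is no
        # policy table and no notion of "user" anywhere on this path.
        if op == "read" and rights & READ:
            return self.data
        if op == "write" and rights & WRITE:
            self.data = args[0]
            return None
        raise Denied(op)


class CapKernel:
    def __init__(self):
        self.clists = {}   # task -> [Cap]; user code only ever sees list indices

    def grant(self, task, cap):
        cl = self.clists.setdefault(task, [])
        cl.append(cap)
        return len(cl) - 1

    def derive(self, task, idx, rights):
        # A task may hand out an attenuated copy of a cap it holds, never a wider one.
        cap = self.clists[task][idx]
        return Cap(cap.obj, cap.rights & rights)

    def call(self, task, idx, op, *args):
        cap = self.clists[task][idx]   # a bad index is the only way this can fail
        return cap.obj.invoke(cap.rights, op, *args)


def demo_unix():
    """A browser launched by uid 1000 runs *as* 1000 and inherits all of 1000's rights."""
    k = UnixKernel()
    k.files["/home/joe/thesis.tex"] = UnixFile(acl={1000: READ | WRITE}, data="chapter 1")
    k.syscall_write(1000, set(), "/home/joe/thesis.tex", "overwritten by browser")
    return k.files["/home/joe/thesis.tex"].data


def demo_caps():
    """The shell hands the browser a read-only cap to the thesis and nothing else."""
    k = CapKernel()
    thesis = CapFile("chapter 1")
    rw = k.grant("shell", Cap(thesis, READ | WRITE))
    ro = k.grant("browser", k.derive("shell", rw, READ))
    seen = k.call("browser", ro, "read")
    try:
        k.call("browser", ro, "write", "overwritten by browser")
        write_blocked = False
    except Denied:
        write_blocked = True
    try:
        k.call("browser", ro + 1, "write", "forged")   # slot the browser was never given
        forge_blocked = False
    except IndexError:
        forge_blocked = True
    return seen, write_blocked, forge_blocked, thesis.data


if __name__ == "__main__":
    print("unix: thesis now reads", repr(demo_unix()))
    print("caps: (read, write blocked, forge blocked, thesis) =", demo_caps())
```

The model deliberately keeps the capability kernel's invoke path free of any lookup beyond the caller's own c-list; all policy happened earlier, when the shell decided which attenuated token to grant. What the model does not capture is the part that makes this hard in practice, which the later posts touch on: every program now has to be handed exactly the tokens it needs, so the usability cost moves from the kernel into the launching code.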
OpenBSD is not the be all and end all... (Score:4)
Any program you run can do anything to every file you have write access to, and can also leak information by default to anyone on the internet. Not good. This means a very large trusted code base, which is a bad thing. The set of code which need to be trusted (ie the kernel and very few programs) should be as small as possible.
There are some approaches to improving security. Capability models look like the best hope for the future. This comment is too small to hold a reasonable explanation - take a look at http://www.eros-os.org [eros-os.org].
Don't get me wrong, OpenBSD is a good firewall and general unix server platform, but its security model is limited by posix compliance.
unix badness (Score:4)
1) All programs you run are trusted with all files you have access to.
2) All programs are also given a default set of actions they can perform, e.g. open random connections to the internet. This is nice for leaking information. This can be ameliorated via so-called posix capabilities. These are more properly called privilege bits as in VMS.
3) Global filesystem. Everyone can see the filesystem.
Chroot may help. Plan 9 style namespaces are better too. Better would be to take the human namespace out of the kernel and only give it to programs that need it.
Probably lots of other things. Basically unix was designed when everything you ran on your computer was written by yourself or someone you knew and trusted. And then commercial unix just got featuritis. It would probably not be good to declare it the one true operating system.
Re:DARPA Involvement (Score:2)
-stax
Re: (Score:2)
Re:Sigh... (Score:1)
The former is a task easily done in parallel with little or no intra-personnel communication. The latter is something which, as Brooks points out, requires more intra-personnel communication as more personnel are added, until the marginal gain in productivity turns into a loss.
...
Re:OpenBSD is not a Trusted System (Score:1)
You sound like a Windows user who just does not have a clue about what a real operating system should be like, and YES I do realize that you are a little troll who just learned what the Internet is!!!!
One part of trusted is that a system _MUST NOT_ have any underlying bugs. Don't forget that and just go away.
Re:michael, dude... (Score:2)
They wanted a UNIX. They wanted TCP/IP. They happened to use Berkeley- that's quite different from generally "funding BSD development"
Of
One little EROS detail... (Score:1)
For those of you suggesting that EROS may be the way for DARPA to go, you may be on to something.
Note this statement on the EROS website [eros-os.org]:
Guess that either means that DARPA's gonna funnel more money into EROS, or that EROS wasn't up to some standard, and they're looking for a replacement.
Re:Don't bother to submit as an independent. (Score:1)
The no part is that you don't have to have a months-long lead. In fact, the CHATS BAA came out only a few weeks ago. I could tell you the exact date if I weren't too lazy to check my mail logs.
DARPA projects tend to be big, on the order of $500K per year. That means that they expect an effort that involves several people. It also means that they expect fully thought out stuff.
(How do I know? I've participated in lots of DARPA submissions and research projects. I was involved in two potential responses to CHATS, one of which we dropped because we didn't like our own idea. I withdrew from the other because of reasons mildly related to the issue under discussion, mainly that if you get more than $50K per year from DARPA, you have to file a lot of paperwork that my college isn't set up to produce.)
Re:OpenBSD is not a Trusted System (Score:2)
Security (Score:1)
Hold on, don't flame me yet. Open Source has the most vulnerable model available, yes. Anybody who knows how to code can put anything they want into the code. Exploits should be abundant, right?
Of course, we all know that there are no exploits for Linux, and dozens of them for Windoze. But what does this mean? I believe that it means Linux has such a great backing in the community that people are watching over each other.
But what happens when some malicious person decides to screw with the code? That's right. Disaster. It's on the horizon. Linux has only been around a few years, and it's long overdue for hackers to install some exploits. I admire DARPA for putting money into this boiling pot, and hope that they can defuse the problem before it gets out of hand. Because once Linux has been shown to be unstable and vulnerable (security wise) then Slashdot is no more...
------
That's just the way it is
NSA Linux (Score:2)
Re:unix badness (Score:2)
What planet are *YOU* from? (Score:2)
What basis do you make THIS claim?
The 'byline' is "news for nerds, stuff that matters". Slashdot has a BSD section.
What reasons do you have for thinking *THIS* site is the #1 advocacy site?
Re:Why DARPA is doing this (Score:2)
Dunno if they ever pursued the project further.
Re:Why DARPA is doing this (Score:2)
Absolutely true. I didn't mean to impugn the project managers at all. I actually reported directly to a project manager at the ISO, and he was astute at political infighting, but his overwhelming passion was the technology behind his project.
No doubt about it - there are some very smart, very clearheaded people running projects at DARPA.
I also agree with your analysis as to why they'd be delving into Open Source. Many of these program managers are military folks who came in through the military-industrial-govt merry-go-round, but many of them are also essentially hackers who pay attention to things like.. well.. Slashdot.
Why DARPA is doing this (Score:4)
DARPA is interested not in current technology, or even next-generation technology. Their mandate is to fund and evaluate what they call "high-risk, high-payoff" projects. They fully expect that most of their projects will fail to achieve their goals. However, they also realize that even those projects that fail will stimulate advances in other, sometimes unforeseen areas. Of course, those projects that succeed become the wonder-technologies of tomorrow.
Another thing to keep in mind is that DARPA is a government agency, and as such has a mandate to disseminate their findings as far as possible within the federal government. I actually worked on a liaison project with FEMA, where we were trying to help kick-start FEMA's web-based emergency-mitigation effort.
The secondary effect of this mandate to spread the wealth is that it's key for an agency's survival that they be known as the originators of the wealth. That is, when DARPA comes up with something, they sure as hell make sure that every other agency knows it came from DARPA. That way when the budget axe comes along, DARPA isn't first on the chopping block.
So DARPA's desire to fund this project probably has a lot more to do with going beyond what's already been done, and taking the credit for it, than it has to do with acknowledging what's already out there.
Re:OpenBSD is not a Trusted System (Score:1)
Then let Open BSD people submit a proposal. (Score:2)
Re:DARPA - The government gets involved. (Score:2)
OpenBSD is not a Trusted System (Score:5)
The DARPA program is called Composable High Assurance Trusted Systems (CHATS) which implies that they are interested in Trusted Systems [ncsc.mil] not systems that claim to be secure because a bunch of hackers allegedly have fixed all the buffer overflows. Being "secure" and being a trusted system are completely different things.
Maybe michael meant to mention TrustedBSD [boardwatch.com], which is attempting to become certified as a Trusted System?
Re:unix badness (Score:1)
Uh, actually none of these statements are true.
Next time you actually use a *nix system please type "man chmod"
Re:unix badness (Score:1)
You should know then that UNIX systems allow you to change the read/write/execute permissions on any file on the system, and since everything is a file you can use this to control who can use what devices. You can also manipulate the user whose permissions an executable will use to run.
Granted, systems often come with stupid default permissions, but that's hardly a reason to write a new OS.
Re:unix badness (Score:1)
I have never seen a program that needs root privileges to run. There are many that default that way however. Take for example tcpdump: Typically it is run as root, but this is only because it needs to be able to set the ethernet adapter to promiscuous mode (which by default can only be done by root). We can always change the permissions of eth0 to allow it to be put into promiscuous mode by another user if we want.
The statement that there are only two levels of security is completely untrue. You can have as many levels of security as you have users and groups.
What about AtheOS? (Score:2)
Re:OpenBSD not ideal (Score:2)
remember who funded much of the BSD development (Score:1)
Remember that DARPA resources can promote development an improvements in operating systems. After all that is in part how BSD came into existence in the first place!
Much of the OpenBSD code came about as a direct or indirect result from DARPA efforts (via CSRG and friends). A fair amount BSD code DARPA helped fund found its was into the GNU and Linux efforts as well. If DARPA wants to fund more research and development let them!
Re:DARPA has been funding OS research for a long t (Score:1)
This is dead wrong. There is not, nor has there ever been, a conflict between public domain and open source. You are probably confusing it with the GNU (Lesser) Public License, which places the additional requirement of passing on source along with any binaries (or ensuring the availability and knowledge of the source).
uninformed: redefine userspace as app-space? (Score:2)
how much of a difference would it make to assign each executable its own "user" space - i.e., executables have access to whatever the user has access to, so implement an interface framework to always run executables as their own user (unless directed otherwise by trusted real user)? this would seem to define another layer of security, with all the security checks already in place for users.
next implement interface for users to run apps...
could then a simple(?) tmp redirect to "user-app" space take care of the global tmp access problem as well?
does any of this make sense?
Re:"Secure Linux"? (Score:1)
Regards, Tommy
DARPA Involvement (Score:2)
Re:Why DARPA is doing this (Score:2)
You've got some good (but cynical) points about the overall structure of the agency, but you've left out one major piece. The program managers themselves have a responsibility to find new and interesting projects in their expertise that fulfill this "high-risk, high-payoff" goal. The desire to take credit is quite possibly the motivation of the political appointees at the top of the agency, and the reason why the program was approved and given funds. The proposal for the program itself probably came from some technically competent program manager who has intrest in and knowledge of open source, and a desire to see what defense applications can come out of it.
I'm sure that there are some people in DARPA who are at least as interested in developing cool new technologies as covering their asses.
In the document itself, they even say that the primary goal of the program is to achieve "Revolutionary advances in the state-of-the-art [...] improving the security functionality, services, and assurance of existing open source operating systems." The question is whether the tens of millions of dollars that DARPA is going to spend will do as much good as the millions they spent trying to realize "distributed networking" did for what is now the internet. It probably won't, but it can't be a bad thing for the community, because it's not like they can buy open source and control the means of production of Free Software.
One other thing that might be motivating this study is the increased worrying in the Pentagon about information warfare. They look around and realize that they don't have a fraction of the best hackers. If it comes down to a real war where the existence of the US is threatened, what are they going to do? They can't draft them and expect them to work, and they probably don't have the resources (human or legal -- as a government agency, the DoD is somewhat limited in what they can pay people) to go on an all-out recruiting binge. So how do you use some of the talent that is out there? Maybe you can get some help from what the best are doing for themselves.
BMangneton----------------
Care for a Spin?
Re:OpenBSD is not the be all and end all... (Score:2)
No, it's a problem with Unix. In Unix, root is god; he has complete control over the system. If root wants to read Joe Shmoe's files, bcc: all incoming and outgoing email to a computer in China, or rm -rf /, then that's what's going to happen. Any exploitable bug- not just buffer overruns but any other kind of problem like a tempfile that depends on user provided information- in a program that's running SUID will let an attacker turn himself into root (and then do anything he wants). This is a problem with the Unix security model, not with the processor architecture.
With a more sophisticated privilege model- one that gave privileged programs only enough power to do what they need to do- a broken program would only allow the user to do the same kinds of things that the broken program did. A broken mail program would only let a user do things relevant to moving mail, and not read all the files in /home/jshmoe/private. A broken PPP program would only let you do things about ppp, not rewrite /etc/shadow. There would still be a few programs (like login authentication) truly critical to system security, and a bad program could still cause problems, but the situation wouldn't be as critical.
Re:OpenBSD is not the be all and end all... (Score:3)
I'm not sure that I'd agree that capabilities are necessarily the best hope for the future. At the very least they have to overcome the obstacle that they require a substantial reorientation of people's views toward the way that operating systems behave. I'm not saying that we don't ultimately need to do so, just that it's a substantial obstacle.
The real problem with the Unix model is that it utterly fails to implement any real least privilege system. Every program that needs any privileges not available to an ordinary user gets full root privilege, so that a single security crack in any SUID root program opens up the whole system. That's worse than just account level granularity. There's literally only two levels of operation, peon and god. It's a terrible security model, and only an outrageous level of code auditing has any hope of preserving anything like real world data security. That people have been willing to go as far as they have in auditing the code is commendable (and, of course, any system can benefit from the level of auditing that OBSD has instituted) but it's not a reliable route to high grade security.
Re:unix badness (Score:1)
---
Re:Go away darpa (Score:1)
A new OS? (Score:1)
Personally, I think it would be ridiculous for them to write their own OS, since Linux/BSD, while they have their flaws, are already pretty well suited to what they're trying to do... the only reason I can see them writing their own is if they don't want anyone to have the code.
Re:unix badness (Score:2)
"8 electronic copies"?! (Score:1)
Also notice the Microsoft character [fourmilab.ch] for apostrophe (looks like a question mark on my screen).
Slashdot won't let me post that char literally (nice job), so I replaced it with a literal question mark.
Of course they aren't going to use BSD... (Score:1)
Re:Of course they aren't going to use BSD... (Score:1)
Re:Security (Score:2)
Sorry to disagree, but I don't think this guy deserves to be modded back up. He is apparently one of these guys that thinks open source means a guy like myself can go change the official linux code, and no one will know. His post should be ignored and everyone should move along.
OpenBSD not ideal (Score:4)
Re:unix badness (Score:1)
Problem 1:
Letting any user put the NIC into promisc mode isn't a security hazard?
Problem 2:
This is just wrong. Read up on ACLs, Capabilities, Mandatory Access Control, Auditing.
(From trustedbsd.org [trustedbsd.org]).
Here is a good intro to capabilities [eros-os.org].
---
In a hundred-mile march,
Re:unix badness (Score:3)
This is not the point. You basically have two permissions on Unix systems--users and root. In order to get certain things done, programs often need root privileges, which means they can do *anything*. It also means you can't have an 'audit' user who can monitor the system reliably. A bad admin who is root can cover her tracks because root can do anything. (I don't think a tripwire-type solution will work here.)
All the files for one user are the same permission-wise. That means you can't jail certain progs to protect things. Groups don't help too much with this, and don't scale well.
Bottom line--Unix has some great applications, especially with its network services. But it was *never* designed as a secure OS. Basically, some guys in a lab and some guys at universities built an OS to do things they wanted to do, working with other guys they trusted. Later some rudimentary security got added in, but this was not a basic element.
Maybe, in fact, this is *why* Unix was/is popular--OS's with massive security models tend to suck to use because all that security has a usability tradeoff. Basically, you could get stuff done on Unix, and from time to time you'd figure out how to keep people from messing with the stuff you were working on after something bad happened.
---
In a hundred-mile march,
No short cuts (Score:1)
There's never too much research.
___
DARPA has been funding OS research for a long time (Score:1)
Ted Goranson, who has done research under Darpa grants, often laments that there has been amazingly little development in operating systems since the 1970s. The file systems of most of today's operating systems remain primitive and little changed from 30 years ago.
Much research has been done and it has led to many good experimental technologies (file systems that work as databases, instead of being flat). However, these technologies are slow to be incorporated into commercial products, partly because those products labor under the need for backwards compatibility.
Goranson remarked that some of the Darpa funded research on OSs was incorporated into the latest OS from Apple, but I'm not sure of the details.
Re:DARPA has been funding OS research for a long t (Score:1)
Obligatory Microsoft Slam (Score:2)
SUBTERFUGUE (Score:1)
(It runs under vanilla Linux 2.4 and a Debian package is available, but it is kind of slow and alpha.)
--Mike
Sigh... (Score:1)
DoD has all the fun. (Score:2)
This'll definitely be the wave of the future, I can hear it now:
"Hello ladies and gentlemen and welcome to CounterStrike 2002: Judgement Day. I'm Al Michaels along with my lovely co-host Killcreek, who knows a thing or two about pointy weapons, err, I mean "pointing" weapons at people.
Tonight's matchup will be Iraq, headed by the "Multikill" master Saddam Hussein versus that tenacious Colt wielding mastermind George W. Bush, who currently leads the United States in terrorist headshots. It's gonna be a winner take all brawl of the century!"
Godlike killing sprees: The Linux Pimp [thelinuxpimp.com]
Re:A chance for a GUI OS come out of this? (Score:1)
Re:openbsd (Score:1)
Re:Go away darpa (Score:1)
Nice try clown. DARPA invented the internet (it used to be ARPAnet).
it's actually pretty sensible (Score:2)
Many people do research on reliability and repair costs before buying a new car and will be reluctant to buy a car from a company with no track record. Even VCs give money preferentially to people with track records (most of them won't even talk to you unless you have been referred--it isn't worth their time). If anything, DARPA seems a bit more open to new ideas and new people.
*BSD isn't research (Score:5)
Perhaps some of this research will be done on top of one of the BSD platforms. Perhaps it will be done on Linux. Perhaps some of it will be completely platform independent. But no matter what it will be done on, there are more interesting research questions to ask about open source, secure operating systems, and heterogeneous environments than whether we can fix a few more bugs in BSD or Linux.
Re:Security (Score:1)
I think that this is a bit of exaggeration.
Definitely openbsd (Score:1)
According to Netcraft [netcraft.com] that site is running IIS [netcraft.com]
Re:What about AtheOS? (Score:2)
This is neat stuff, and he looks like he is really onto something. The real trick is going to be getting enough 'market saturation' so that drivers and apps are ported to this.
Star Office and Mozilla, being OS, are givens. The real trick, far down the line, is getting Adobe to do ports for their 'industry standard' (*sigh*) software to AtheOS. They *almost* committed for BeOS.
A chance for a GUI OS come out of this? (Score:5)
Re:Security (Score:2)
Oh come on (Score:1)
WarGames (Score:1)
I'm sure on some level this is pretty obvious. However, I guess I've always considered script kiddies as pranksters rather than a threat to national security. Does this scare anyone else?
--
"Sir, I'm scared."
we've known since '98 that DARPA is evil (Score:1)
You shouldn't be allowed to lord over boxes (Score:2)
Initial Premise:
I write a firewall that requires you to specify which ports should be open initially and how often to rotate them. It also allows you to block access to information, in-going and out-going, or IPs you don't specify. Then, I allow you to decide the level of access each net-accessing application and external IP may have to your system.*
Concept:
This is all done Raymond style, i.e. open source. Any script-kiddie and his uncle can stare at the source. By your conception, allowing this makes my firewall weak.
Environment:
Now, naturally, only a person with root privileges can make alterations to the entailment of the firewall, unless otherwise specified, right? That's obviously yes if you have ever used any firewall worth its weight in electrons.
On top of that, we'll assume you were smart enough to download from MY site, not some third party site, which would put you at risk. You know that already, like most of us, and that's why you're at MY site.
Nothing mentioned so far is abnormal, or even sufficiently outside the realm of what's expected of a super user, i.e. the ability to think.
Paradox:
The script-kiddie knows of some really stupid flaw that I didn't think of, oy, well, that happens***. He/She will assume you will initialize ICQ/ICU on its normal port****. Why do you do that? Same reason you wrote this post to begin with. Anywho, they create a portal string through ICQ/ICU. You're not tracking the IP movement because of the pre-mentioned reason. Ditto for why you don't cut&rotate for additional IP-links. Now, how's this script-kiddie going to affect the firewall? He doesn't have the localhost IP or root privileges.
You're thinking, "But he got inside, he can do stuff!" NO HE CAN'T!!! Where have you been!? He doesn't have root privileges! He has NO user privileges! THIS IS LINUX!**
Conclusion:
Well written, open-source software is more than secure enough*, especially on the right system**. Even if the software has a flaw***, a capable user can take extra precautions to increase its ability****.
Comment:
Hack your own box, but, whatever happens to you will no longer be my fault:P
I will avoid saying, "Class dismissed," only because it's used AT LEAST once a week on Slashdot.
Besides, I now have lots of time, because I'm on strike due to an anti-Semitic comment in, I think, The Mandrake article. As long as that's up, I have all sorts of extra time to kvetch and jibber. Actually, I'm thinking about making "Dotslash: The Crossfire of the Geeks" text adventure...well, slashdot-facade, but that's all; it'll be like that old commodore 64 game "Portal" but less plot and more "Nonsense", see Jon's Humorix Toys at i-want-a-website.com/about-linux and yes, Jon likes dashes very much.
Hmm, I guess I will now be integrating Nonsense; feh, now Jon will want a copy before I release it.
I hope this was informative to you "Open Source Isn't Secure" types. In fact, just to mention about BSD for a moment: The reason why it seems constantly out of date is because it is constantly being tested for those "flaws" and insecurities. I compliment the effort, but it does cause the appearance of antiquation. Sure, their 3.0 compiler is more stable than your 4.0, but it lacks features and advancement. Their 4.6 firewall is more powerful than your 6.2, but it's not as customizable or as scalable. However, if you would consider OpenBSD, or any for that matter, you would have little in the ways of worries and only the occasional woe. And, every once in awhile...you can get an impressive application that makes us GNU-ists stop and say, "Woah!"
^_^
Now...about that anti-Semitic AnonCow, could someone do something...NOW-ish?
Down the road... (Score:2)
Can you see it? Someday, all transactions on digital networks will require secure p2p operation such as this would provide. Meaning, that companies would only do business with you if they can be assured you won't take advantage of them.
This would be a very marketable product in the future. Wouldn't the MPAA love it when all television sets in the future run this future OS? It would assure them that your TV is who it says it is, and would make sure those silly kids aren't trying to record TV shows... God forbid.
DARPA - The government gets involved. (Score:2)
One reason that commercial companies are reluctant to use OSS is that they do not like to relinquish control to unknown elements. We all know the standard rebuttals to this point, but the military could be worse.
The military and security agencies are incompatible in terms of ethos with the OSS atmosphere. Will they give outside developers, like Joe Bloggs from Birmingham, UK, or Pu Kong Yon from Bangkok, the same access to internal information and the same time of day as external developers?
I fear, very much, that there could be difficult times ahead in this project. I am hedging my bets as to the outcome.
You know exactly what to do-
Your kiss, your fingers on my thigh-
There's still room for research (Score:3)
Maybe someone should just tell them about OpenBSD, save some time and money.
Maybe someone should just tell Michael about EROS [eros-os.org], a GPL'd x86 capabilities OS currently under development.
Read more on capabilities [eros-os.org] and why they're important to OS security. A capabilities system is relatively resistant to a lot of the big security issues that plague other types of systems. For example, even if buffer overruns do occur, the damage that can be done is very limited. This is a really cool project.
Re:If they could do this one... (Score:2)
Dare to dream... :-)
Re:Go away darpa (Score:3)
Too bad that DARPA INVENTED the Internet! Back when they were still ARPA (Advanced Research Projects Agency). Now they've become DARPA by throwing a Defense in front of the ARPA.
So as Mr. T would say, "Cut that jibba-jabba, fool! Internet wuzn't no creation of the free-market!"
Don't beat up the good guys - and deadline's soon (Score:4)
DARPA is trying to advance what's already available - and advances in security would be great. I suspect they will be able to make advances, since they're planning to spend $10 million on the winning proposals. As has been noted, OpenBSD is not a perfect solution - its packages are often quite old and it has many functionality limits (e.g., no support for SMP). It also doesn't meet the principle of "least privilege" - root is still all-powerful, programs can do anything their owners can, etc.
The deadline is soon for those interested in submitting a proposal. The full proposal (all copies) must be submitted in time to reach DARPA by 4:00 PM (U.S. Eastern Time) Monday, March 5, 2001, in order to be considered; it CANNOT be sent by email or fax (they REQUIRE PHYSICAL COPIES).
People interested in submitting a proposal should also read the Proposer Information Pamphlet (PIP) [darpa.mil], which isn't easy to find unless you know where it is.
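The two comments above (the EROS one, on why a capability system limits the damage a buffer overrun can do, and the one noting that on OpenBSD "programs can do anything their owners can") describe the same distinction. The toy model below, added here and not code from either thread participant or from the EROS project, contrasts ambient authority (the kernel checks who the caller is, so a hijacked component running as root reaches anything) with a capability (an unforgeable handle to one object that cannot be re-aimed). The in-memory store, paths and class names are constructed for the example.

```python
"""Added example: ambient authority vs. capability confinement (toy model)."""

# Constructed stand-in for a filesystem; values are placeholders, not real data.
STORE = {
    "/etc/shadow": "root:$placeholder-hash$",
    "/home/alice/notes.txt": "alice's todo list",
}


class AmbientAuthority:
    """ACL/identity model: a component may name any path; access depends on
    the identity it runs under, not on what it was explicitly handed."""

    def __init__(self, user):
        self.user = user

    def read(self, path):
        if self.user == "root" or path.startswith(f"/home/{self.user}/"):
            return STORE[path]
        raise PermissionError(path)


class ReadCap:
    """Capability model: the handle designates exactly one object and confers
    read only.  In a real capability kernel it would be unforgeable."""

    __slots__ = ("_path",)

    def __init__(self, path):
        self._path = path

    def read(self, path=None):
        # A requested name is ignored: a capability cannot be pointed elsewhere.
        return STORE[self._path]


def hostile_component(authority):
    """Stands in for code that a memory-corruption bug has turned hostile:
    it tries to read /etc/shadow through whatever authority it holds."""
    return authority.read("/etc/shadow")


def damage_under_ambient_root():
    # Hijacked program running as root: the secret is reachable.
    return hostile_component(AmbientAuthority("root"))


def damage_under_capability():
    # Same hijacked program, but it only ever held a handle to one file.
    return hostile_component(ReadCap("/home/alice/notes.txt"))
```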