New Security Features in FreeBSD 4.0
Security Features in FreeBSD 4.0
M. Warner Losh
Timing Solutions, Inc.
FreeBSD Security Officer
[email protected]
http://www.freebsd.org/~imp/japan-00.ppt
June 9-10, 2000
JUS/K*BUG Seminars
V-1
Road Map to Talk
Introduction
New technical features
New organizational features
A closer look at jail(8)
Q&A
V-2
New Technical Features
Jail(8) and chroot(2) enhancements
OpenSSL and OpenSSH
Many vulnerabilities in “ports” corrected
IPv6 and IPSec added
Secure telnet using SRA
New resource limits created
Bug fixes: many DoS issues corrected
ipfilter and ipfw improvements
V-3
New Organizational Details
Total system approach to security
Mr. Kris Kennaway now coordinates
“ports”-related security issues
Security advisories now issued for “ports”
FreeBSD system administrators are members of
the security-officer mailing list
FreeBSD Auditing project
Security awareness activism
V-4
A Closer Look at Jail(8)
Historical perspective
What is wrong with chroot?
What it adds over chroot(8)
How does jail(8) fix those problems?
A quick example
Where to find more information about jail(8)
V-5
Historical Efforts
Chroot jails were constructed to help secure firewall
systems.
Chroot was also used to segregate users
from each other on highly secure machines
Chroot environments were used to allow
multiple versions of software to run on the
same machine unchanged
V-6
Problems with chroot(8)
A process can obtain or keep references (such as an
open directory descriptor) to files outside the chroot tree
The superuser can still do everything, including
accessing the raw disk and mounting filesystems
The current directory doesn’t change, so it is
easy to accidentally contaminate a chroot
jail’s environment
Hard to make secure against root
V-7
How is jail(2) Different from chroot(2)?
Chroot(2) only changes the root directory
Jail(2) does everything that chroot(2) does, as
well as:
Changes directory to the root of the jail
Dilutes superuser abilities while in the jail
Assigns one IP address that only the jail may use
Restricts what jailed processes can see
outside of the jail
Jailed processes are flagged as being in a jail
V-8
A quick example -- Setting up the tree
D=/here/is/the/jail          # where the jail’s file tree will live
cd /usr/src
mkdir -p $D                  # mtree, run by "make hierarchy", needs the target directory to exist
make hierarchy DESTDIR=$D    # create the directory skeleton under $D
make obj
make depend
make all
make install DESTDIR=$D      # install the freshly built world into the jail tree
cd etc
make distribution DESTDIR=$D NO_MAKEDEV=yes   # populate $D/etc; do not create device nodes yet
cd $D/dev
sh MAKEDEV jail              # create only the device nodes a jail is allowed to have
cd $D
ln -sf dev/null kernel       # tools that expect /kernel get an empty target
V-9
An Example -- Configuration
Limit network services on the host that listen on all addresses (nfs, portmapper,
inetd, sendmail, bind, etc.); otherwise the host’s daemons also answer on the jail’s address
copy /stand/sysinstall to $D/stand/sysinstall
start jail:
jail $D my-jail-name 10.0.0.1 /bin/sh
run /stand/sysinstall in the jail to configure the machine
set up the timezone, add accounts, disable network interfaces, etc.
exit the jail
V-10
A quick example -- starting the jail
Add alias to network interface
mount procfs in the jail’s /proc directory
start jail:
jail $D my-jail-name 10.0.0.1 /bin/sh /etc/rc &
Let the jail do its thing.
To make this permanent, you’ll need to write an rc.d script to
accomplish this on startup.
V-11
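The start-up sequence above (interface alias, procfs, jail) and the earlier advice to restrict host services bound to all addresses, as one rc.d-style script. This is an added example written for this page, not a script from the talk or from FreeBSD. Assumptions: the interface name fxp0, the DRYRUN switch that prints commands instead of running them, the constructed netstat sample used under DRYRUN, and stopping the jail by killing processes that ps(1) marks with J in STAT (4.x has no per-jail handle, so that hits every jail on the host).

```shell
#!/bin/sh
# Added example: rc.d-style start/stop script for a FreeBSD 4.x jail.
# Not part of FreeBSD; every value here is a placeholder (jail path and
# name from the slides, assumed interface fxp0 and IP 10.0.0.1).
# DRYRUN=yes prints the commands instead of executing them.

JAIL_ROOT=${JAIL_ROOT:-/here/is/the/jail}
JAIL_HOST=${JAIL_HOST:-my-jail-name}
JAIL_IP=${JAIL_IP:-10.0.0.1}
JAIL_IF=${JAIL_IF:-fxp0}          # assumed host interface for the alias
DRYRUN=${DRYRUN:-no}

# Constructed `netstat -an -f inet` output, used under DRYRUN so the
# listener check can be exercised without a FreeBSD host.
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  10.0.0.5.25            *.*                    LISTEN
udp4       0      0  *.111                  *.*'

# run: execute a command, or only print it when DRYRUN=yes
run() {
    if [ "$DRYRUN" = yes ]; then echo "$*"; else "$@"; fi
}

# valid_ipv4: return 0 for a dotted quad with octets 0..255, else 1
valid_ipv4() {
    case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    return 0
}

# wildcard_listeners: read netstat output on stdin and print "proto port"
# for every socket bound to all addresses ("*.port"); such a host daemon
# also answers on the jail's address, so it must be restricted first.
wildcard_listeners() {
    awk '$1 ~ /^(tcp|udp)/ && $4 ~ /^\*\./ { sub(/^\*\./, "", $4); print $1, $4 }'
}

# listener_source: the live host table, or the constructed sample under DRYRUN
listener_source() {
    if [ "$DRYRUN" = yes ]; then printf '%s\n' "$SAMPLE_NETSTAT"; else netstat -an -f inet; fi
}

# jail_preflight: refuse a bad IP or a missing tree; warn about wildcard listeners
jail_preflight() {
    valid_ipv4 "$JAIL_IP" || { echo "bad jail IP: $JAIL_IP" >&2; return 1; }
    if [ "$DRYRUN" != yes ]; then
        [ -x "$JAIL_ROOT/bin/sh" ] || { echo "no jail tree at $JAIL_ROOT" >&2; return 1; }
        [ -e "$JAIL_ROOT/dev/null" ] || { echo "run 'sh MAKEDEV jail' in $JAIL_ROOT/dev" >&2; return 1; }
    fi
    wild=$(listener_source | wildcard_listeners)
    [ -n "$wild" ] && echo "warning: host services bound to all addresses: $wild" >&2
    return 0
}

# jail_start: the three steps from the slide, in order
jail_start() {
    jail_preflight || return 1
    run ifconfig "$JAIL_IF" inet "$JAIL_IP" netmask 255.255.255.255 alias
    run mount -t procfs proc "$JAIL_ROOT/proc"
    run jail "$JAIL_ROOT" "$JAIL_HOST" "$JAIL_IP" /bin/sh /etc/rc
}

# jail_stop: kill jailed processes (assumed: ps marks them with J in STAT,
# and 4.x has no per-jail handle, so every jail on the host is hit), then
# undo the procfs mount and the alias
jail_stop() {
    if [ "$DRYRUN" != yes ]; then
        ps ax | awk 'NR > 1 && $3 ~ /J/ { print $1 }' | xargs kill 2>/dev/null
        sleep 2
    fi
    run umount "$JAIL_ROOT/proc"
    run ifconfig "$JAIL_IF" inet "$JAIL_IP" -alias
}

# Dispatch only when invoked with an argument, so the file can also be sourced.
if [ $# -gt 0 ]; then
    case $1 in
        start) jail_start ;;
        stop)  jail_stop ;;
        *)     echo "usage: $0 {start|stop}" >&2; exit 64 ;;
    esac
fi
```

Install it as, for example, /usr/local/etc/rc.d/jail.sh (any name; the path is an assumption) and run it once with DRYRUN=yes to review the commands and the wildcard-listener warning before letting it run for real. Because /etc/rc inside the jail returns once the daemons it started are running, the jail command does not need to be backgrounded here.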
Problems with jail(8)
Not a complete virtual machine
Large disk overhead: every jail needs its own complete chroot tree
No management facilities for jailed processes
Can be hard to set up
NFS can get confused in jailed systems
V-12
Where can I find more about jail(8)?
Man pages: jail(2), jail(8)
/usr/share/doc/papers/jail.ps
http://people.freebsd.org/~imp/jail.html
V-13
Questions and Answers
42
Warner Losh
Timing Solutions, Inc.
FreeBSD Security Officer
[email protected]
V-14