140 likes | 286 Views
Security Features in FreeBSD 4.0 M. Warner Losh Timing Solutions, Inc. FreeBSD Security Officer imp@FreeBSD.org http://www.freebsd.org/~imp/japan-00.ppt. June 9-10, 2000 JUS/K*BUG Seminars. Road Map to Talk. Introduction New technical features New organizational features
E N D
Security Features in FreeBSD 4.0M. Warner LoshTiming Solutions, Inc.FreeBSD Security Officerimp@FreeBSD.orghttp://www.freebsd.org/~imp/japan-00.ppt June 9-10, 2000 JUS/K*BUG Seminars
Road Map to Talk • Introduction • New technical features • New organizational features • A closer look at jail(8) • Q & A
New Technical Features • Jail(8) and chroot(2) enhancements • OpenSSL and OpenSSH • Many vulnerabilities from “ports” corrected • IPv6 and IPSec added • Secure telnet using SRA • New resource limits created • Bug fixes: many DoS issues corrected • ipfilter and ipfw improvements
New Organizational Details • Total system approach to security • Mr. Kris Kennaway is now coordinates “ports” related security issues • Security advisories now issued for “ports” • FreeBSD system administrators members of security-officer ML • FreeBSD Auditing project • Security awareness activism
A Closer Look at Jail(8) • Historical perspective • What is wrong with chroot? • What it adds over chroot(8) • How does jail(8) fix those problems? • A quick example • Where to find more information about jail(8)
Historical Efforts • Chroot jails were constructed to help firewall systems. • Chroot was also used to segregate users from each other on highly secure machines • Chroot environments were used to allow multiple versions of software to run on the same machine unchanged
Problems with chroot(8) • Can obtain or keep references outside of the chroot tree • Superuser still can do everything, including accessing the raw disk and mounting filesystems • Current directory doesn’t change, so it is easy to accidentally contaminate a chroot jail’s environment • Hard to make secure against root
How is jail(2) Different than chroot(2)? • Chroot(2) only changes the root directory • Jail(2) does everything that chroot(2) does, as well as: • Changes directories to the root of the jail • Dilutes superuser abilities while in jail • Adds an IP address for use only by the jail • Restricts what jailed processes can see outside of the jail. • Jailed processes flagged as being in jail
A quick example -- Setting up the tree D=/here/is/the/jail cd /usr/src make hierarchy DESTDIR=$D make obj make depend make all make install DESTDIR=$D cd etc make distribution DESTDIR=$D NO_MAKEDEV=yes cd $D/dev sh MAKEDEV jail cd $D ln -sf dev/null kernel
An Example -- Configuration • Limit network services that listen on all ports: nfs, portmapper, inetd, sendmail, bind, etc • copy /stand/sysinstall to $D/stand/sysinstall • start jail: jail $D my-jail-name 10.0.0.1 /bin/sh • run /stand/sysinstall in jail to configure machine • setup timezone, add accounts, disable network interfaces, etc • exit jail
A quick example -- starting the jail • Add alias to network interface • mount procfs in the jail’s /proc directory • start jail: jail $D my-jail-name 10.0.0.1 /bin/sh /etc/rc & • Let the jail do is thing. • To make this permanent, you’ll need to write a rc.d script to accomplish this on startup.
Problems with jail(8) • Not a complete virtual machine • Large overhead in chroot trees • No management facilities for jailed processes • Can be hard to setup • NFS can get confused in jailed systems
Where can I find more about jail(8)? • Man pages: jail(2), jail(8) • /usr/share/doc/papers/jail.ps • http://people.freebsd.org/~imp/jail.html
Questions and Answers • 42 Warner Losh Timing Solutions, Inc. FreeBSD Security Officer imp@FreeBSD.org