Hi!

On Sat, 29 Nov 2003 05:10, "Martin G.H. Minkler" <[EMAIL PROTECTED]> wrote:
>> A little OT, but http://www.adamantix.org 's distro provides everything
>> and more SELinux has to offer while IMHO being a little easier to handle.
> Adamantix is not Debian. The people subscribed to this list are here for
> Debian security not other OS security.

Adamantix is still Debian, only more secure.

One of the enhancements is the use of SSP: Stack Smashing Protector (also known as ProPolice). It is a patch for GCC which adds protection against a number of stack overflows. OpenBSD uses it too, Theo de Raadt even says that it is as good as normal GCC. In Adamantix we still use GCC 2.95, which has some issues with some C++ code. Other than that, it works fine. Even the Adamantix kernel has been compiled with SSP.

SSP protects the base pointer and the return address on the stack by placing a so-called canary before these two addresses. When an overflow overwrites the canary, this will be detected by SSP before the function returns. Thus the program is terminated before the exploit code is called.

The overhead introduced by SSP is relatively low, because it tries to do some optimisations. It only adds checking code to functions which it considers dangerous. The optimisation algorithm is not perfect, and therefore it can skip functions that need protection. But it is possible to let SSP generate code for every function, at a higher performance cost of course.

Another useful feature is that SSP reorganises local variables. Arrays are placed closer to the canary value on the stack. And pointer variables are moved away (they could be damaged too by overflows that do not overwrite the canary value). It is therefore more effective than similar solutions that do not reorder local variables.

SSP is certainly not perfect, it can only stop a limited number of exploits. But it is not wise to depend on only one security mechanism. Therefore it will be more effective when used together with a kernel patch like PaX and a mandatory access control system like RSBAC, like in Adamantix.

Last time I looked, the GCC 3.3 package in Debian already had the patch included. It is just not enabled by default. Remove one #, rebuild the package and you can use the stack protector enabled GCC compiler.

You have to watch out though, an SSP compiled object file will require several symbols that are normally provided when you compile everything with SSP. This can cause problems when SSP is used to compile a library, but not the main executable. There are other things to watch out for, like GRUB and the Linux kernel do not link without adding a few lines of code. Trivial to fix, but still something to watch out for.

Other than that, it has been working fine. I have not yet seen SSP related problems for packages that compiled successfully, other than missing symbols when mixing Debian Woody packages with Adamantix packages. All in all I can certainly recommend it.

>> Don't want to discourage anybody from SELinux, especially not with
>> kernel 2.6 reaching production status, just my 2c ;-)
> I doubt that there's any risk of that.

It looks like SELinux is an interesting concept, but it is lacking some important functionality. This is mostly because the LSM concept on which it is based has a number of problems. See also:

http://www.rsbac.org/lsm.htm
http://www.grsecurity.net/lsm.php

Fortunately, RSBAC is not limited by the limitations of LSM. People who have used SELinux before using RSBAC told me that RSBAC is easier to use than SELinux.

Groetjes,
Peter Busser
--
The Adamantix Project
Taking high-security Linux out of the labs, and into the real world
http://www.adamantix.org/
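
The canary placement and variable reordering described in the message above, as an added C model that is not part of the original post and is not ProPolice code. The struct layout, the GUARD constant and the function names are assumptions made for illustration; a struct stands in for the real stack frame so the behaviour is well-defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled frame, low to high address (assumed layout, for illustration). */
struct frame {
    uintptr_t local_ptr;    /* pointer local moved below the array */
    unsigned char buf[16];  /* array placed directly under the canary */
    uintptr_t canary;       /* guards the two saved values above it */
    uintptr_t saved_bp;
    uintptr_t ret_addr;
};

/* Constructed constant; a real guard value should be unpredictable. */
static const uintptr_t GUARD = (uintptr_t)0x5a3c9e71u;

/* Copy n bytes starting at buf with no regard for buf's size, as an
 * overflowing function would. Byte access to the whole struct keeps the
 * model well-defined; n is clamped so writes stay inside the struct. */
static void unchecked_copy(struct frame *f, const unsigned char *src, size_t n) {
    size_t off = offsetof(struct frame, buf);
    if (n > sizeof *f - off) n = sizeof *f - off;
    memcpy((unsigned char *)f + off, src, n);
}

/* Returns 0 and the saved return value if the canary is intact, -1 if it
 * was damaged. ptr_out always receives the reordered pointer local. */
int run_frame(const unsigned char *src, size_t n,
              uintptr_t *ret_out, uintptr_t *ptr_out) {
    struct frame f = { .local_ptr = 0x1111, .canary = GUARD,
                       .saved_bp = 0x2222, .ret_addr = 0x3333 };
    unchecked_copy(&f, src, n);
    *ptr_out = f.local_ptr;            /* below buf: a linear overflow misses it */
    if (f.canary != GUARD) return -1;  /* epilogue check; SSP terminates the program here */
    *ret_out = f.ret_addr;             /* only used after the check passes */
    return 0;
}

int main(void) {
    unsigned char in[64];              /* constructed sample input */
    size_t sizes[] = { 16, 17, 40 };
    uintptr_t ret = 0, ptr = 0;
    memset(in, 'A', sizeof in);
    for (size_t i = 0; i < 3; i++) {
        int rc = run_frame(in, sizes[i], &ret, &ptr);
        printf("n=%zu -> %s, local_ptr=0x%lx\n", sizes[i],
               rc ? "canary damaged" : "ok", (unsigned long)ptr);
    }
    return 0;
}
```

A write has to cross the canary to reach the saved base pointer or return address, so the check catches it before either value is used, while the pointer local below the array stays out of reach of the same write.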