At 22:35 2006-07-02, you wrote:
On Sun, Jul 02, 2006 at 12:20:49PM -0700, Greg Thomas wrote:
> On 7/2/06, Tobias Ulmer <[EMAIL PROTECTED]> wrote:
>> On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski wrote:
>>> Hello,
>>>
>>> Zophie is patch that contains new security features for OpenBSD 3.9. BSD
>>> license. I have not tested it personaly, but probably it's worth to
>>> analyze it and maybe even incorporate. More info:
>>> http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/
>>>
>> I normally don't take the bait, but this one is so cute...
>>
>> After reading through the diffs: (not supplied for added obfusication?)
>>
>> - add a new sysctl to the kernel.
>> - patch some userland tools.
>> - If this sysctl is set, supress certain information.
>>
>> Rocket sience! Even the dumbest scriptkiddie could just compile
>> and run these tools from the original OpenBSD sources.
>>
>> Probably the whole "Polish Underground Group profess OpenBSD OS as a
>> religion" is a big subtle joke? If so, well done and thanks for the good
>> laugh :)
>
> If it is a subtle joke I sure like the screenshots of the install.
However, note that the page is quite frank about what is being done,
from the web page quoted above:
- kern.zophie.privacy
This setting is responsible for process privacy in finger, last,
netstat, ps, users, w, and who.
Value 1 turns on this feature.
This, obviously, still doesn't make it very useful (if only because,
even after you've mounted everything noexec, you still have top, and so
on and so forth) - but the above should be enough to arouse suspicion.
Joachim
Process privacy itself is done in kernel so top & other tools (like
lsof for example) will not work.
Ps, users, w & who are pathed to not show other users that are in &
this is independent with process privacy.
You may find OpenBSD that is on screenshots here:
http://nicram.sytes.net/openbsd/openbsd-3.9-i386-zophie.iso
It is extactly same OpenBSD.
& yes it is very easy to make it on Your own :) This is how KISS apps
should be made, even when they change something in kernel :)
Best Regards
