Date: Fri, 21 Jul 2017 05:45:25 -0400 From: Stiepan <stie@....swiss> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Cc: Martin Decky <decky@....mff.cuni.cz> Subject: Re: CoreOS membership to linux-distros (updated) Back to CoreOS, I think that the practical answer is https://coreos.com/os/docs/latest/selinux.html . Now is it good / acceptable to rely on it (over classical Unix privileges, or another MAC) is actually an interesting, relatively unexplored research subject... What makes no doubt is that it is in line with the use made by Google of Linux, including in Android and therefore, very probably makes sense for Google. We lack some literature to back this choice for general-purpose use by the public at large, however. http://www.cse.psu.edu/~trj1/cse544-s13/slides/cse544-selinux.pdf and https://www.ibm.com/developerworks/library/l-selinux/ * provide good starting points for such research; (public) research seems to have stopped since then (= more or less in 2009 apparently)†. *With pointers to some alternatives in Linux and other operating systems, likewise many references †The first presentation cites www.isoc.org/isoc/conferences/ndss/09/pdf/16.pdf, which provides an analysis of MAC mechanisms' (remote) attack surface. A more recent, Android-centered presentation (http://kernsec.org/files/lss2015/vanderstoep.pdf) cites Wikipedia, stating that "[...] the security of an SELinux system depends primarily on the correctness of the kernel and its security-policy configuration", further highlighting the lack of in-depth research. (the emphasis / bold typeface on the second part of the sentence was left as in the original quote) I guess the question now is - do we trust Wikipedia articles on such matters? - and if we do, was the correctness in question attained in CoreOS's case? Likewise, could we somehow measure / quantify a level of this correctness using a formal method? (and if so, what about generalizing it to other OS + xAC pairs so as to evaluate their suitability for specific use cases, target demographics, likewise threat models?) Stiepan P.S.: Full disclosure - I have an interest in finding a secure, yet broadly compatible enough OS. CC-ing Martin Decky, who was 1st to propose a formal approach to it. > -------- Original Message -------- > Subject: Re: [oss-security] CoreOS membership to linux-distros (updated) > Local Time: July 20, 2017 7:04 PM > UTC Time: July 20, 2017 7:04 PM > From: jesse_hertz@...le.com > To: oss-security@...ts.openwall.com > Additionally, Docker doesn"t maintain a kernel distribution, whereas OpenVZ does, making this request strange to say the least. > I also think its disingenuous to imply there"s "one patch" that divides a secure containerization system from another. Container/Kernel security is... quite complicated to say the least. >> On Jul 20, 2017, at 6:42 AM, Greg KH <greg@...ah.com> wrote: >> >> On Thu, Jul 20, 2017 at 07:13:03AM +0300, gremlin@...mlin.ru wrote: >>> On 2017-07-18 14:56:23 -0700, Euan Kemp wrote: >>> >>>> I???ve listed each criterion and why I think we, the Container >>>> Linux team at CoreOS, qualify. >>>> >>>> >>>>> 1. Be an actively maintained Unix-like operating system distro >>>>> with substantial use of Open Source components >>>> All components of the distro are open source, as are all the >>>> tools used to build it. >>> >>> Prior to any decision to be made, I"d ask you to show the kernel >>> patch which you use to avoid escaping from the container to host >>> system (Docker allows such escape, OpenVZ does not). Could you, >>> please, show it? >> >> All of CoreOS"s kernel patches are public, here"s their latest branch: >> https://github.com/coreos/linux/tree/v4.12.2-coreos >> >> But what does a specific kernel patch have to do with linux-distro"s >> membership requirements? >> >> confused, >> >> greg k-h Stiepan Aurélien Kovac IT Kovac + itk AVtobvS Sàrl Geneva + Jussy, Geneva CH
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ