Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 21 Jul 2017 05:45:25 -0400
From: Stiepan <stie@....swiss>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Cc: Martin Decky <decky@....mff.cuni.cz>
Subject: Re: CoreOS membership to linux-distros (updated)

Back to CoreOS, I think that the practical answer is https://coreos.com/os/docs/latest/selinux.html .
Now is it good / acceptable to rely on it (over classical Unix privileges, or another MAC) is actually an interesting, relatively unexplored research subject...
What makes no doubt is that it is in line with the use made by Google of Linux, including in Android and therefore, very probably makes sense for Google.
We lack some literature to back this choice for general-purpose use by the public at large, however.
http://www.cse.psu.edu/~trj1/cse544-s13/slides/cse544-selinux.pdf and https://www.ibm.com/developerworks/library/l-selinux/ * provide good starting points for such research; (public) research seems to have stopped since then (= more or less in 2009 apparently)†.
*With pointers to some alternatives in Linux and other operating systems, likewise many references
†The first presentation cites www.isoc.org/isoc/conferences/ndss/09/pdf/16.pdf, which provides an analysis of MAC mechanisms' (remote) attack surface.
A more recent, Android-centered presentation (http://kernsec.org/files/lss2015/vanderstoep.pdf) cites Wikipedia, stating that "[...] the security of an SELinux system depends primarily on the correctness of the kernel and its security-policy configuration", further highlighting the lack of in-depth research.
(the emphasis / bold typeface on the second part of the sentence was left as in the original quote)
I guess the question now is - do we trust Wikipedia articles on such matters? - and if we do, was the correctness in question attained in CoreOS's case?
Likewise, could we somehow measure / quantify a level of this correctness using a formal method? (and if so, what about generalizing it to other OS + xAC pairs so as to evaluate their suitability for specific use cases, target demographics, likewise threat models?)
Stiepan
P.S.: Full disclosure - I have an interest in finding a secure, yet broadly compatible enough OS. CC-ing Martin Decky, who was 1st to propose a formal approach to it.

> -------- Original Message --------
> Subject: Re: [oss-security] CoreOS membership to linux-distros (updated)
> Local Time: July 20, 2017 7:04 PM
> UTC Time: July 20, 2017 7:04 PM
> From: jesse_hertz@...le.com
> To: oss-security@...ts.openwall.com
> Additionally, Docker doesn"t maintain a kernel distribution, whereas OpenVZ does, making this request strange to say the least.
> I also think its disingenuous to imply there"s "one patch" that divides a secure containerization system from another. Container/Kernel security is... quite complicated to say the least.
>> On Jul 20, 2017, at 6:42 AM, Greg KH <greg@...ah.com> wrote:
>>
>> On Thu, Jul 20, 2017 at 07:13:03AM +0300, gremlin@...mlin.ru wrote:
>>> On 2017-07-18 14:56:23 -0700, Euan Kemp wrote:
>>>
>>>> I???ve listed each criterion and why I think we, the Container
>>>> Linux team at CoreOS, qualify.
>>>>
>>>>
>>>>> 1. Be an actively maintained Unix-like operating system distro
>>>>> with substantial use of Open Source components
>>>> All components of the distro are open source, as are all the
>>>> tools used to build it.
>>>
>>> Prior to any decision to be made, I"d ask you to show the kernel
>>> patch which you use to avoid escaping from the container to host
>>> system (Docker allows such escape, OpenVZ does not). Could you,
>>> please, show it?
>>
>> All of CoreOS"s kernel patches are public, here"s their latest branch:
>> https://github.com/coreos/linux/tree/v4.12.2-coreos
>>
>> But what does a specific kernel patch have to do with linux-distro"s
>> membership requirements?
>>
>> confused,
>>
>> greg k-h

Stiepan Aurélien Kovac

IT Kovac + itk AVtobvS Sàrl
Geneva + Jussy, Geneva CH

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.