Boost OpenBSD security - Zophie for 3.9


Boost OpenBSD security - Zophie for 3.9

Tomasz Zielinski
Hello,

Zophie is a patch that contains new security features for OpenBSD 3.9. BSD license. I have not tested it personally, but it's probably worth analyzing and maybe even incorporating. More info: http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/

--
Pozdrawienia/Regards
Tomasz Zielinski




Re: Boost OpenBSD security - Zophie for 3.9

Tobias Ulmer
On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski wrote:
> Hello,
>
> Zophie is a patch that contains new security features for OpenBSD 3.9. BSD license. I have not tested it personally, but it's probably worth analyzing and maybe even incorporating. More info: http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/
>
> --
> Pozdrawienia/Regards
> Tomasz Zielinski
>

I normally don't take the bait, but this one is so cute...

After reading through the diffs: (not supplied for added obfuscation?)

- add a new sysctl to the kernel.
- patch some userland tools.
- If this sysctl is set, suppress certain information.

Rocket science! Even the dumbest scriptkiddie could just compile
and run these tools from the original OpenBSD sources.

Probably the whole "Polish Underground Group profess OpenBSD OS as a
religion" is a big subtle joke? If so, well done and thanks for the good
laugh :)

Tobias


Re: Boost OpenBSD security - Zophie for 3.9

Greg Thomas-3
On 7/2/06, Tobias Ulmer <[hidden email]> wrote:

> On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski wrote:
> > Hello,
> >
> > Zophie is a patch that contains new security features for OpenBSD 3.9. BSD license. I have not tested it personally, but it's probably worth analyzing and maybe even incorporating. More info: http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/
> >
> > --
> > Pozdrawienia/Regards
> > Tomasz Zielinski
> >
>
> I normally don't take the bait, but this one is so cute...
>
> After reading through the diffs: (not supplied for added obfuscation?)
>
> - add a new sysctl to the kernel.
> - patch some userland tools.
> - If this sysctl is set, suppress certain information.
>
> Rocket science! Even the dumbest scriptkiddie could just compile
> and run these tools from the original OpenBSD sources.
>
> Probably the whole "Polish Underground Group profess OpenBSD OS as a
> religion" is a big subtle joke? If so, well done and thanks for the good
> laugh :)
>

If it is a subtle joke I sure like the screenshots of the install.


Re: Boost OpenBSD security - Zophie for 3.9

Joachim Schipper
On Sun, Jul 02, 2006 at 12:20:49PM -0700, Greg Thomas wrote:

> On 7/2/06, Tobias Ulmer <[hidden email]> wrote:
>> On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski wrote:
>>> Hello,
>>>
>>> Zophie is a patch that contains new security features for OpenBSD 3.9. BSD
>>> license. I have not tested it personally, but it's probably worth
>>> analyzing and maybe even incorporating. More info:
>>> http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/
>>>
>> I normally don't take the bait, but this one is so cute...
>>
>> After reading through the diffs: (not supplied for added obfuscation?)
>>
>> - add a new sysctl to the kernel.
>> - patch some userland tools.
>> - If this sysctl is set, suppress certain information.
>>
>> Rocket science! Even the dumbest scriptkiddie could just compile
>> and run these tools from the original OpenBSD sources.
>>
>> Probably the whole "Polish Underground Group profess OpenBSD OS as a
>> religion" is a big subtle joke? If so, well done and thanks for the good
>> laugh :)
>
> If it is a subtle joke I sure like the screenshots of the install.

However, note that the page is quite frank about what is being done,
from the web page quoted above:

- kern.zophie.privacy
  This setting is responsible for process privacy in finger, last,
netstat, ps, users, w, and who.
  Value 1 turns on this feature.

This, obviously, still doesn't make it very useful (if only because,
even after you've mounted everything noexec, you still have top, and so
on and so forth) - but the above should be enough to arouse suspicion.

                Joachim


Re: Boost OpenBSD security - Zophie for 3.9

Marcin Wilk-2
At 22:35 2006-07-02, you wrote:

>On Sun, Jul 02, 2006 at 12:20:49PM -0700, Greg Thomas wrote:
> > On 7/2/06, Tobias Ulmer <[hidden email]> wrote:
> >> On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski wrote:
> >>> Hello,
> >>>
> >>> Zophie is a patch that contains new security features for OpenBSD 3.9. BSD
> >>> license. I have not tested it personally, but it's probably worth
> >>> analyzing and maybe even incorporating. More info:
> >>> http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/
> >>>
> >> I normally don't take the bait, but this one is so cute...
> >>
> >> After reading through the diffs: (not supplied for added obfuscation?)
> >>
> >> - add a new sysctl to the kernel.
> >> - patch some userland tools.
> >> - If this sysctl is set, suppress certain information.
> >>
> >> Rocket science! Even the dumbest scriptkiddie could just compile
> >> and run these tools from the original OpenBSD sources.
> >>
> >> Probably the whole "Polish Underground Group profess OpenBSD OS as a
> >> religion" is a big subtle joke? If so, well done and thanks for the good
> >> laugh :)
> >
> > If it is a subtle joke I sure like the screenshots of the install.
>
>However, note that the page is quite frank about what is being done,
>from the web page quoted above:
>
>- kern.zophie.privacy
>   This setting is responsible for process privacy in finger, last,
>netstat, ps, users, w, and who.
>   Value 1 turns on this feature.
>
>This, obviously, still doesn't make it very useful (if only because,
>even after you've mounted everything noexec, you still have top, and so
>on and so forth) - but the above should be enough to arouse suspicion.
>
>                 Joachim

Process privacy itself is done in the kernel so top & other tools (like
lsof for example) will not work.
Ps, users, w & who are patched to not show other users that are in &
this is independent of process privacy.

You may find the OpenBSD that is in the screenshots here:
http://nicram.sytes.net/openbsd/openbsd-3.9-i386-zophie.iso
It is exactly the same OpenBSD.
& yes it is very easy to make it on your own :) This is how KISS apps
should be made, even when they change something in the kernel :)

Best Regards


Re: Boost OpenBSD security - Zophie for 3.9

Marcin Wilk-2
In reply to this post by Tomasz Zielinski
At 07:18 2006-07-03, you wrote:

>On 7/2/06, Marcin Wilk <[hidden email]> wrote:
>>At 22:35 2006-07-02, you wrote:
>> >On Sun, Jul 02, 2006 at 12:20:49PM -0700, Greg Thomas wrote:
>> > > On 7/2/06, Tobias Ulmer <[hidden email]> wrote:
>> > >> On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski wrote:
>> > >>> Hello,
>> > >>>
>> > >>> Zophie is a patch that contains new security features for OpenBSD 3.9. BSD
>> > >>> license. I have not tested it personally, but it's probably worth
>> > >>> analyzing and maybe even incorporating. More info:
>> > >>> http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/
>> > >>>
>> > >> I normally don't take the bait, but this one is so cute...
>> > >>
>> > >> After reading through the diffs: (not supplied for added obfuscation?)
>> > >>
>> > >> - add a new sysctl to the kernel.
>> > >> - patch some userland tools.
>> > >> - If this sysctl is set, suppress certain information.
>> > >>
>> > >> Rocket science! Even the dumbest scriptkiddie could just compile
>> > >> and run these tools from the original OpenBSD sources.
>> > >>
>> > >> Probably the whole "Polish Underground Group profess OpenBSD OS as a
>> > >> religion" is a big subtle joke? If so, well done and thanks for the good
>> > >> laugh :)
>> > >
>> > > If it is a subtle joke I sure like the screenshots of the install.
>> >
>> >However, note that the page is quite frank about what is being done,
>> >from the web page quoted above:
>> >
>> >- kern.zophie.privacy
>> >   This setting is responsible for process privacy in finger, last,
>> >netstat, ps, users, w, and who.
>> >   Value 1 turns on this feature.
>> >
>> >This, obviously, still doesn't make it very useful (if only because,
>> >even after you've mounted everything noexec, you still have top, and so
>> >on and so forth) - but the above should be enough to arouse suspicion.
>> >
>> >                 Joachim
>>
>>Process privacy itself is done in the kernel so top & other tools (like
>>lsof for example) will not work.
>>Ps, users, w & who are patched to not show other users that are in &
>>this is independent of process privacy.
>>
>>You may find the OpenBSD that is in the screenshots here:
>>http://nicram.sytes.net/openbsd/openbsd-3.9-i386-zophie.iso
>>It is exactly the same OpenBSD.
>>& yes it is very easy to make it on your own :) This is how KISS apps
>>should be made, even when they change something in the kernel :)
>>
>>Best Regards
>
>Do I understand correctly I could just cvs co usr/bin/who and use the
>official who and see who is online?

Yes because only process privacy is done in kernel.
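
The distinction confirmed in this exchange, as an added example that is not part of the original thread or of the Zophie patch: suppressing sessions inside patched who/w/users/last/finger binaries changes nothing while the record files those tools read stay readable to unprivileged users, so the thing to audit is the data source. The check below looks only at the "other" permission class and the immediate parent directory; the function names and the scratch-file sample are constructed for illustration.

```c
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum exposure { DB_MISSING = -1, DB_RESTRICTED = 0, DB_WORLD_READABLE = 1 };

/* Exposed = "other" may read the file and search its immediate parent dir. */
enum exposure classify_db(const char *path)
{
    struct stat f, d;
    char copy[1024];
    snprintf(copy, sizeof(copy), "%s", path);
    if (stat(path, &f) == -1 || stat(dirname(copy), &d) == -1)
        return DB_MISSING;
    return ((f.st_mode & S_IROTH) && (d.st_mode & S_IXOTH))
        ? DB_WORLD_READABLE : DB_RESTRICTED;
}

/* Constructed sample: scratch file with the given modes, then classify it. */
enum exposure classify_sample(mode_t file_mode, mode_t dir_mode)
{
    char dir[] = "/tmp/utmpchk.XXXXXX", path[64];
    enum exposure e = DB_MISSING;
    int fd;
    if (mkdtemp(dir) == NULL)
        return e;
    snprintf(path, sizeof(path), "%s/utmp", dir);
    if ((fd = open(path, O_CREAT | O_WRONLY, 0600)) != -1) {
        fchmod(fd, file_mode);   /* explicit modes, so the umask is irrelevant */
        close(fd);
        chmod(dir, dir_mode);
        e = classify_db(path);
        chmod(dir, 0700);        /* restore so cleanup succeeds */
        unlink(path);
    }
    rmdir(dir);
    return e;
}

int main(void)
{
    /* Record files read by who/w/users, last and finger on OpenBSD. */
    const char *dbs[] = { "/var/run/utmp", "/var/log/wtmp", "/var/log/lastlog" };
    for (size_t i = 0; i < sizeof(dbs) / sizeof(dbs[0]); i++)
        printf("%-17s %d\n", dbs[i], classify_db(dbs[i]));
    return 0;
}
```

A result of DB_WORLD_READABLE for utmp means a `who` built from the original sources still lists every session, regardless of any sysctl honoured only by the patched binary.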


Re: Boost OpenBSD security - Zophie for 3.9

Gilles Chehade
In reply to this post by Tomasz Zielinski
On Mon, 03 Jul 2006 12:47:40 +0200
Marcin Wilk <[hidden email]> wrote:
>
> Do I understand correctly I could just cvs co usr/bin/who and use the
> official who and see who is online?
>
> Yes because only process privacy is done in kernel.
>

What's the point?


Re: Boost OpenBSD security - Zophie for 3.9

Francois Visconte-2
In reply to this post by Tomasz Zielinski
Tomasz Zielinski wrote:

>Hello,
>
>Zophie is a patch that contains new security features for OpenBSD 3.9. BSD license. I have not tested it personally, but it's probably worth analyzing and maybe even incorporating. More info: http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/
>  
>
Anyone know why this patch implements another sysctl instead of adding a
security level specifically for process privacy?
Less specifically, security levels could be patched to permit a mask-based
implementation in order to mix features from different security levels,
just an idea...


Best regards,
Francois


Re: Boost OpenBSD security - Zophie for 3.9

Wijnand Wiersma
In reply to this post by Tomasz Zielinski
2006/7/2, Tomasz Zielinski <[hidden email]>:
> Hello,
>
> Zophie is a patch that contains new security features for OpenBSD 3.9. BSD license. I have not tested it personally, but it's probably worth analyzing and maybe even incorporating. More info: http://www.0penbsd.com/zophie.html, http://akcja.0penbsd.com/zosia/

Development cycle of OpenBSD4.0 support starts tomorrow and will be
finished when 4.1 releases?


Re: Boost OpenBSD security - Zophie for 3.9

weingart
Wijnand Wiersma wrote:
>
>  Development cycle of OpenBSD4.0 support starts tomorrow and will be
>  finished when 4.1 releases?

Sure, why not.

--
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax