IT Infrastructure - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  IT Infrastructure


Wield the Shield: How Trustworthy Is Your OS?



 By: Jason Brooks
2006-05-14
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this IT Infrastructure story.


  Table of Contents:
  1. Wield the Shield: How Trustworthy Is Your OS?
  2. ' Red Hat and SELinux '
  3. ' Novell and AppArmor '

Rate This Article:
Poor Best
Wield the Shield: How Trustworthy Is Your OS?
( Page 1 of 3 )

So-called trusted operating systems have been used for years to lock down sensitive data, but with security attacks rising, enterprises are looking to fortify their defenses. Red Hat, Novell and Sun are introducing trusted features. eWEEK Labs examines th

Trusted operating systems have been used for some time to lock down the most sensitive of information in the most sensitive of organizations. But with security concerns rising and changing by the hour, its now a matter of trust for any organization looking to tighten its computing ship.

Several vendors, including Red Hat, Sun Microsystems and Novell, are responding by adding and/or improving trusted elements in their operating system offerings.

Operating systems are designed to do what theyre told, and we tell them what to do by running applications. However, whether through bugs or malicious exploits, applications can tell an operating system to do things that no one intended or wanted it to do—at least no one authorized to do so.

Todays mainstream operating systems are trusting—they trust that the applications running on them are doing what users intend the apps to be doing. These operating systems havent been designed to limit applications from doing more than theyre intended to do.

This can be bad enough when youre talking about individual users, whose privileges can be limited enough to ensure that they cant modify system files.

But many applications, including many server apps, require some root-level rights to do their jobs in the first place. Once subverted, one of these applications can be wrangled into causing all manner of mischief (and into covering its tracks, to boot).

Enter trusted operating systems.

Resource Library:

Rather than trusting the apps they host, trusted operating systems include functionality thats intended to restrict the damage an exploited application can wreak by limiting it to only those capabilities and rights it requires to get its job done.

While trusted operating systems have a lot to offer, theyre famously tricky to manage—with tight application control comes plenty of room for incompatibility.

As a result, trusted operating systems have tended to occupy a slender niche and, in turn, have lacked the full attention of operating system vendors and of the software and hardware vendors whose certifications and support are critical when working with products that are challenging to manage.

However, things have been changing during the past few years, as makers of general-purpose operating systems have been pushed to include trusted functionality in their mainstream products.

Most notably, Sun, Red Hat and Novell are each shipping enterprise-class operating systems with built-in trusted functionality available out of the box—specifically, provisions for finer-grained access controls.

Accordingly, enterprises have more opportunity than ever to defend themselves from software exploits and bugs by relying on operating systems that view the applications they host with a healthy dose of skepticism.

eWEEK Labs has put the application lockdown options from Sun, Red Hat and Novell through their paces, installing and evaluating this lockdown functionality in the context of securing the Apache/MySQL/PHP-based Mediawiki Web application in hopes of providing a starting point for eWEEK readers own evaluation of these technologies.

Sun and Solaris 10

Solaris 10 ships with a bolstered access-control scheme, called Process Rights Management, that extends the standard Unix permissions under which processes have to run as root with a set of privileges that administrators can parcel out to processes as need be.

While Solaris 10 makes it possible to get rid of the superuser account, it doesnt do so by default (to preserve backward compatibility).

However, rather than break privileged rights into all or nothing, in Solaris 10, the privileged rights are broken into all or basic—with basic being a handful of specific privileges that together represent the rights that a regular Unix user would possess.

Unlike with a standard Unix or Linux system, however, administrators can use Solaris 10s tools to add rights to a process beyond the basic set, as well as remove rights from the superusers "all" set.

There are four ways to add and drop processes in Solaris.

First, there is the ppriv command-line utility, with which you can view or modify the privilege set of a particular process. This command is handy for debugging system privileges, and by running "ppriv -lv" you get a nice list of the 50 or so permissions covered under Solaris rights scheme.

Another route to fine-tuning the rights with which applications run is to use Solaris new Service Management Framework. Following a tutorial on Suns site, eWEEK Labs configured an Apache installation from The Apache Software Foundation to start as a non-root user. We then added the rights that Apache required to our non-root-users basic privilege set.

You can also adjust the rights with which users and applications run in Solaris 10 by creating roles with the needed range of rights. Roles in Solaris are akin to user accounts, but they lack log-in rights; users must be logged in to assume a role.

Finally, Solaris 10 offers APIs for building privilege-aware applications—those that can assume and drop the rights they require from the set of privileges theyre accorded by the system administrator.

When will Microsoft be trusted? Click here to read more.

With the variety of methods available for using it, and with the provisions throughout Solaris 10 for maintaining backward compatibility, Process Rights Management definitely takes some getting used to.

In our testing so far, weve found Solaris Containers feature to be a much simpler-to-approach means of process confinement, although you can use Containers and Process Rights Management together. While Red Hat and Novell are each working on providing similar functionality through Xen virtualization, the Solaris approach is much leaner, more manageable and, most important, more mature.

The trusted functionality in Solaris 10 is descended from Suns Trusted Solaris, the companys stand-alone trusted operating system.

Marking the completion of the merging of the Solaris and Trusted Solaris products, Sun plans to release this summer Solaris Trusted Extensions, a set of add-on components for Solaris 10 that will enable organizations running Trusted Solaris to move to Solaris 10.

These extensions will add to Solaris the multilevel security functionality of Trusted Solaris, along with desktop integration that will allow organizations to, for example, keep classified data displayed in one window from being pasted into an unclassified document in another window.

Next Page: Red Hat and SELinux.





  Reader Comments: Wield the Shield: How Trustworthy Is Your OS?
>>> Be the FIRST to comment on this article!
 


 
 
>>> More IT Infrastructure Articles          >>> More By Jason Brooks
 


x}v㶒s{̎Sj^-c[ޖΜY:II)|L~b^f8x %i'nKX@ B;ncr3 |C;ӸD;;o޼ !ߛz0idI[ O7FNͰ,U5}wU]99Ͱ5;#|%oފ;|9|@vx%O|kNF^4E(ߤp),JgMd{=B'~;qP8$P $I"@|2: [(>r@V:ALéM~!2}B>$%)m4ًшqGرwoE #B=VX¨a/uw- -GZ UX'[vb䅠QFE8 /TGg,g~s9"ScO$ա9NIp1:^!GAXSTH)עfFԴ;g>U[ zcgg` ,C$ne$DJHn6, \W.'0/<{e:O xO L"5rؗCQT`F,S-F jm]&IbT9Jupoںs[={0q*s܂LjϿΥ(tpѻ]HCKo-'WUP\ti\v?ߊ 9N|+oLZ.JXOLCaCr`rM5JQ߸+ᖃAQR]ju--bv=7a`%(0fe>ꟈe}}uI}|vti"|c9 WPAfPJe+% 9=y\toz{MN;'gc:4t Wh: N*/j 6O{uH{Z|kh` [sLwZ| ȹw ߟtd[W;$'MXO'䗳90勇oP-Ql_H.)łd|ě=si 2|d[:2* n^vjoX M[3@_x05y7>hr Ce)"8?ՃIhjaCGMabEK7*Ri%,)|YB*s2ݠPP3SeIJ7%DDqvXrEII8G9ac^IR^y1f>UKg<8zvwެ.e4ޙ͋~iI¥w9yn?\OH{⧋vz߆)UEsڅkYj7w 9QMusQVb1x2,%xQ:o+&`F_Զ [ö@ .U1RgVPP},|04;ujx?SϧnΦjۉ9~T$AE66^l-$ ,70}HOQI 4gX(W=ڭ, K!pn006rFRAтMx>tWTێ]6}l2wsw[LL)/.ލ1?`'0.Z-`$8J E ]q3߀o  ީM L< 3f5l@h0xzOx3 R]}$hI#2 Bг,`@o!`G`[ΠX;.˥\.y"M':Ν3r x&,Rȗ\VKᗄLP%i2miڲ/FNl("7(Vf)k`bu4D3VM'tsjڰ`ڄDWjm6!4݃i!isM?Ϊk^ UUK\w;ıa漇d*N+'pn7?>{@OM\nB8$/4<3_O#k[}7E2ۄTsuC LD2}MX 4ؐ|*\҅77:7O wj@nihI2#sT {`ILE2a9?%U3 \O &@ۋ)I :SX-G/4- 7ٲRb-YV+cP.߽akk)\翋Z!d[|aa2E^Q^BKHD@CBk%2=2P($mE6LInPy{8O>3l{`(`( *Kˌ0vIƓXjƧ%6%P $.z?LWLt9K[W), q^>O 18yy4!%2$N?&‰cN7,h\ܧmQJx-E\8L XO`]JCzjϯ +i{qa.[B\|znF >0|OU'@pdZ`0oZSIFeUf-0W~=VRQc?&i?怚H|N",ExÝ=mQr)'æsj?0Ւ´g9Ц ӈP+1"Y9/LU/V$J#ş/ox1FA? %hPcfJf M`.x8c\ޭSJ)SLA[ޙ0@ &WmEF@0RAq_RG"X @4 y} ,%OZ1 [(h[jpSE +nabItHM!rBfP{G~hS22 YӅVjLo=9,\VqW`1G/XW)G"M㻆H_ଯ>p,M0hO?I0n/w^:J}>t0yL {HE7t%_,ŤOM1CĚȲ-¯ OQ g'C\4CxZ &`Uio<3}&mff]{mYūɣojrfz퇛+K)s4 pomAȋW%7꣏uBIlLѡcDh~( 2F!><);+6gPכW]?g0MϦb6ѯk0ͮb R \+nx' رuね CsZ# >w:EL '5#"ف{Q!4t.ba;8ü$/.]>tf#,,Qhn1] f>qD-v> 9¢` sAb]|RR$R+A*ebฦSwm7ՙ/Yƽ"=yT*3jDLfЦ(H zV98$۳ WTdSdXΒvӲK*;RZ/LvjPz)J5RׂD"KP}9Su?~f<ȵWڽv?fAT˲X\ZK%UT-V岔P3ͳIQ!G.N6A)™N`+hssp:'S6509a K% 2)_tn߅SA|SatK[!u޺\A8n[qlY:UqmtLb?Rh0?PR݊R;ӔkEA=N>}1*$¾-ӧG+f+ C5tg\x@o0ɳl/$ΆB(% m\'ԅB.L]q]C0 HR{D Xbr(Z"UUrJ2R@B\N|NgxœmarmUWunɱZ*79o~.RȓC+cI`_qn0xbB+LpgGcc^C߫'/(0Ih_pSi;da':uzrh68^<-ۤI)?+uys9BjO}u9t\tWٱu_Uwuy֏ﵲBYйX>ֈiЉRV J_ĥ{}Ҿf̂sÌ$"Z M3dn,*V_FpBl~Yï2ka~ I5cZg.$95 %KLGtzWOѩ`{my2 |d2 ԟRJpMQV=#qŘAQEQ):*9Q{_akѷo%Aߐ>O/1Ok7tEh[(+hLYdsJ;t 0?X>6Ǚ]'i^J_"Tc8LL]7SB9k)$-ݱi'6ݳ ^nx!w,0q)՝R"0rAڸEO[4r[S-.ԑS)N yuX>Ƞg#uBUY8 t;`ckv(ϴGNxR7Ć_@)u^XL1k#xgiZ*tPwo=F'5I]; HdMq;f=;0G蹳)=`mdž-;oCЂ_ wBkG/ɍ'sXs\y]; + (q1~<,?ԝjڈbteOZ5i]~ꟁ&Gm_ |Q$ߓ[Н6 .5yׅO>4dwX GWE5|Of0{?BI턟ycCRI1sMIAҭҭUDYd)=QD)?0?|`@T6CGz fF=-Tvo{cs7g~UF͏7T2BkT;ϽߦOyZZƲLB1n&d/.%y j Oًw1ڬ/^˳%p>i*21.MTŏbof.Nr yPΟV2< إso⦗akݒ31C4v$| <5@/KУ/;ò,%#i u/HvPi'zFN )||/\`4e1:Lx{,X>v|܊GM/ b4aH4xpH{x! |@!ir,W? LL +(<~pnШfSoԸXc 9_[3 , ׊9 ّiJ19Sq[,*4Ȱ3^;-BVʚ&.0,30ԥyyOux;裷%EϣC}VbQКAf9wܣێjY*Bɒ+vkH=+RCye"QcnZ|pݫOsSFei˸'{:$۞]*U =ձ`J*G_T- &Aqbyi9nH\"Q PJcF2p#иނn ?I aѡ$@+}OFxPjJ8r1cX,MPˇ WsVYq95tSc3бmPfC"χ74C^&2$|{.a! wz@E?M0mnPiz|sW KBQK8%`$TkF TflI$Wb [TG^DIV™`<@%ky,F">M.m(lZ| ofsZ[1 rH2Ku'#͊PT !Y }9 es*5b7riS&*ˤ*;2\MаzJ·0 {7E:g,EQTx*@uyG* X9E'51+*dE !$C޸5SП$[#Ƹ77KRi R}!c:8DR@iXL@OGC+ɣR N3˸¢CHޞ˰jL,#Ecͭoo'fRL]v~7777xfZҌ{6qw[8\sCO*NPzF~[w{‰K6(*9c@ӌwx|󄂧nP6|[j>ĆӾB_Ɋpdp/@B;2ƆNP||PRjڌp|(+%8qjfm 5þ!~+j.}Q4qbx֏햀 bE:xУ:uՌXoesj_ڛjY7ߨmxm1_@*yS@$pH˯:&W3O&E-ͭ_ҎIm<'O촉`KO` W6.tW?α j}At{[xp=O⁉WVD%53hMN!ɍiLզ*Is{A%WV4 J lX[8,OŊi{Ou]@ZEY6bVsg,$*h %}%?ۧ`N;Σ75؇[O/%{¡YIj|vbE>$T / S*e,u,vn&=̰9qb98\ O9.y~?yLæ;w%(jb5?}Wb闲QΑgHSY[5_'}ӈaT7b11Y|Gj sTaf#njCdܒ/.LUs~( *X^3D *ѿ ;q/+} ҹ(iZP_^^1ΐ>qCb$J7k7zaS 0mID ̶wLfSx-k fa:&M]Ὅn7TO~0:2f9ŬԿ I?I04!M24B?HC^B^(˵M<2It>ɣڒ|MJo @ %vSJC aO88]8cII%+ǁE!tCs<ӆsxQҲsZ 36qNGeѴëB.]3I /Uҁ\r^::XuZ.˨x'f`˥5fL9P;qU:'0*BMEWTChRfxkutmN󼦨!Zy <׶L8Zy kֵn&9.m'hbzBRKoV;C'ܴDNdW j.Gn&C4F>PHt.%YM7Lv tMᗚkz`Kp-C3,tsHTa6 +E,W*:丸cGkTUj%r%XsYL ,TO8粈Vuζücn\VJZ%y[GRa)zQOq%>"Ad҃VHԤ^=kȚXOتtJ մhHzQG+I XP0“p(WR#= hp~=l@1"6r?Ec4*&H;W'wzSS-#"&u'w[S;"΀௹oh{ĉ̽Og-<6Sod""@ՈMlcV\oz~}C@GgD&'4*țh@S}$Bi5x$ 'tI<R+)pfAh!G4υ%؂ֽ=gC7L6 >B8!aJ jח=@*bY$u28Cc03IF2*mG&/׽nrn$VW,YC) Q?p%xe MY3:#&|o!װ5c? _'+*(q5 E b{GTƩ;fFP _@1Yɓ!ET&}fA??$~K4O4SJTmf$|s ^[80&X`42E,Ei<:uA~2? c:4t 25L>knldaQ*I|8+M U>0(-ŌC\ФIt ٜeW`Dz\N헾t7RoYݬf/cǮiBR( ?h%GF􌆊}xɺ3SSI6'Do`9暭O{MZ&GUӽ$G ¶-J-yuO>w>v.Wם~yjbv>L5mKLJY22 6SfT}h"dT*bK x5< /%Lqx&)(PWٌ/!*bTթuL,4VO!~)Ԋkm855^LW%ǎuehM/GƐUiz63af1hOu{qt/۹fhRs`_׌k(^]~NmewQ_]~48igCSi}Cg(kuVwNrIF9?t.3ʡ5eOy|s_d/}/2{ȠE^^d'ecFeQ~0{ s!?0~ׅw3?]/ rqWU?{^}~_V_cV91@rߛ o2ڿ\'2u S.ry/ 苬 OY射<(? }V<_`fkWt1yF9Я!ߧoEfldڹ:$+ ]Q%"=UMk[M2n؀ ȣ{i K{J%zH\+էل@C6_{#uO'gNW|4C빼sĤ^ WsU}ӉzZ=Ś/J̙Ym 96բOD_5L#l,Y |e8Ntg$1 }^f6&)Lݞ܃~en7}fn_X` ~iMnڧ͜Gp~k;ُϋGkwե |3/߆zHꟓ'<+<y-xLԸLG0oQV" #5 SMۧ<|eR7㴠A7}x 0AחU}>gF~Ǡ!ӏiͩHØ#ሾؿ H-L{HN5pL}kM jRՐu9`ùf@$;?Uh,uP$W_R-W+w;5}BȊ(KT#}ˡ`tP.U&)K=g# .M^4 Pu'!pC>J5!))X16 z[o<2۬x,C;W%@)8 Lo 8j/"vRᵧ1W!-\ƙg?c 5? }{[0fWZ:fAm=2fj Y |Y0L9 hwm6=Ǿw&=BM 갓x7c^=F.T73W=wwx0.=V@UuÈC 1,PEY/Du[1\.5(l$9=ASh4ϛ5yX9%c"m%y+L8(نWxH*Hжx&f?J|Nb/@(H2!Ӕc*=5<*P=eښS;]av",ݤd/+1bBO%vlHYUҎ_O.Ϻ^!Ќ#B.܎OF;)0XPyFoy㲁!:}`S F &11|0j;;5m8Te]RZȶz SϞ~l]O(Co݂k\+<>bi/ L.TGY"s*>% /1-i?νecC`c 2|?e Lp8{g!(D0=Ts^nT <+Q <&b`#]A&n\fn[ƏY$ hWa.&e;1KLP`O3MlB 2 G8"U];x9kԋoLa^|˼32zKeuݎ2RWtmk.!Ҷ\WŔ  ]'[ڧ3Й?-{e[Mng_X (M" LwE_7Qlãō5,cܫ--<P0_A~:?c9Vqٶ75Pڪa#¶U4-_ +l+V +߶ӣKWVc׶2X!)I;u[__\rlX`^|ֹusϏp`2ug^>W'8K)IR y2 !γ\xYe~҅N*I,_ڡQd+8*)ؐs k`$bOP1,4o7;0Ux|-h\l};U{r,S{d0#žEr츏4Quࠂ.^3 {e(75wSF \LY 33}v=G mr?q,r?\4IdibcL0g"ډo^ߡY wXCT]E(gܡ,Ir}G:z/j[&wF LwF pĽTx} z(>5*>Kv:pxJ5Zp #.`t G yPqhӮH,8#wLd+Btm(d:rF}cI~TOLe57!hr+[h޼= /Oc 6, \xj&B'VI4;^NT~B2`j jcb!I_ߨcH'耏V"(\q V#e:xwǏވ"3{153pFHq?̣sM6?=1fͱ {7 uZ/;x2ƲM%.2˱gu<ɷArhl&lu3t r"__Oա=z{V ΅Yo9XPٷ#ֳa-6gA"‰z@HI >[>RQC#p*Cm :&ܹ%$B$e\%:IMXe7zA 0a7ygwRM ߉fJy;{V(ͣ婹i23([? !^Jg3F ƭԁg~F#=<\dsлji(\@}ZֵOv yI_ R3T C\L yyop_/mZ1?9ȥMaze Wtm&RQgtBeNXc[y֑߬$iqqΤ&ax4|IQPpyQr#cq- ;3xcs7"qkrl9Cʳv-tT3pJ4r'n$M,|Y$#Ћ),ٔIH0x;wCRȫya O/g j5aA3r2ǩGN27GZJ#[+գ;KnyRuSL>,`DCR?7*tJXU*;-` TS0e4 cDZighTC]%X:-e;MfG KXRMn_Ypp+0#FZ3[ Km鼽5d>8^E!ЕbY¬^^ad;hT8oڝg%a x:uVG ܢu'4 !q w:9\OV;Aͼid`P3DBG#x`Wq.Hw \(+H(BbV>Kt20En:ўHZ1[ 0t͗mئemlA5t#: 1RMx:qan)n