taking feature requests

Discuss and suggest new grsecurity features

Postby Sharky » Tue Nov 05, 2002 1:02 am

I would love to see an option in the next coming grsecurity versions that allows the built of chroot jails. you seet he way untrusted GID works? user can not Execute any file ? i would like something similiar to that however the user would BE locked in his home Directory with very few basic utilities he can use such as cd,ls,mkdir,rm etc... would do u think of that?
Sharky
 
Posts: 43
Joined: Fri Nov 01, 2002 10:12 pm

Postby Technion » Tue Nov 05, 2002 1:33 am

There are already hundreds of projects out there involving chroots.
grsecurity is a kernel based system.... whilst you are clearly referring to some type of shell of application. Why do you see the need for yet another chroot based security enhancement, in the kernel of all places?

Most likely what you are interested in is the chroot patches for OpenSSH.

But grsecurity has an ACL set for a reason. Try reading about how it works.

It also has TPE. Isn't that basically what you are asking for when you say "user can not Execute any file ?"

Finally, I question the usefulness of such a system. What are users doing?
Running a website? Why not force them to use an ftp daemon that chroots itself to a user's home directory upon login? That would kill the problem with an existing system, and probably more securely.
Any sort of development? They then need access to /usr/lib to compile anything.. your system breaks.
Email? Ever heard of POP3 without allowing shells?

Lastly, bash has a restricted shell option. Read its manpage. That may also be useful to you.

In fact I can't envisage an actual purpose to a system I could SSH into where my only abilities were cd, ls, mkdir and rm as you suggest, where there isn't a better way to accomplish it.
Technion
 
Posts: 15
Joined: Thu Apr 25, 2002 12:23 am

Postby Sharky » Tue Nov 05, 2002 11:57 am

hey Technion

well i did not say that the only commands they would need is cd and ls.
i said variety, and the need for such a jail root system is for users who must gain aCESSS on the SERVER for shell providing such as psybnc's/bnc/eggdrops. I did already build a kind of chroot sys with the help of Spender yesterday, I hope my point was clear.
Sharky
 
Posts: 43
Joined: Fri Nov 01, 2002 10:12 pm

Postby jMh » Thu Nov 21, 2002 2:49 am

I for one would like to see syslog-ng support :)
jMh
 
Posts: 6
Joined: Mon Feb 25, 2002 5:34 pm

Feature++

Postby SoulBlazer » Fri Dec 20, 2002 5:43 pm

The ability to control what log level grsec outputs kernel messages too, and the ability to send syslog(2) messages directly via the kernel to a remote host without the need to rely on a syslog daemon (I believe lids does this?).

Additionally the another GID that behaves like the Kernel Auditing GID system only for chroot logging. As it is any chroot I create prints kernel messages depending on what logging options I have enabled, I would very much like to limit this to only a specific GID I can tag accounts with.

Cheers,
SoulBlazer
 
Posts: 2
Joined: Fri Dec 20, 2002 2:34 pm

Re: MD5 check on binaries?

Postby TGKx » Wed Feb 19, 2003 4:57 am

Sorry to make big issues of small points, but wouldnt it make more sense to use SHA1 sums rather than md5's because of security (uniqueness) and performance issues?

blueberry wrote:Could we get MD5 sums on selected sensitive binaries (suid/sgid f.ex.)
that were checked against a central db before execution?

That way we could get rid of trojans and rootkits alike... Seen it done
in a couple of firewalls on Win.

-blue
TGKx
 
Posts: 50
Joined: Wed Feb 19, 2003 4:39 am

Postby kig » Tue Mar 04, 2003 7:44 am

Hi, a couple of ideas I had in mind after reading the grsecurity acl doc. Hopefully these aren't really stupid, already implemented or argued to death ;)

Would it be within the scope of grsecurity to apply process-level i/o bandwidth throttling? In particular, network interfaces and disk bandwidth. Or is this better left to, say, ip firewalls? And on the subject of throttling, could there be a percentage-based res_cpu or is it technologically infeasible to implement on kernel level?

The other thing I had in mind was per-user incremental restrictions, so that you wouldn't have to root-admin to further restrict processes you run as a regular user. This wouldn't have to be in kernel memory, maybe as a user-level daemon in a protected memory area or something.

Again, sorry if these are silly and/or useless suggestions. And good job on grsecurity, it's a great system, cheers :)
kig
 
Posts: 1
Joined: Tue Mar 04, 2003 7:09 am

Postby andutt » Sat Apr 12, 2003 6:10 pm

My tip and dreams of grsecurity, now i havent looked on the new patch to 2.4.20 kernel, maybe something are included there.

1: More logging, even if you have used gradm -a everything should be logged to kernellog for more easier tracing in case of changes of important system files.

2:Userroles that you can put on groups or on specifiec users, for example DBA:s can have access to the oracle directory and have the right to stop and start the database.

Keep up the good job!

:lol: :lol:
andutt
 
Posts: 21
Joined: Mon Dec 16, 2002 4:20 am

Postby Murphy » Sat Apr 26, 2003 1:25 am

Not such an important thing but it would help if grsec logs were timestamped so you know exactly when a problem occurred.

- arnán
Murphy
 
Posts: 12
Joined: Thu Apr 17, 2003 2:48 pm

Postby goodbyte » Sat Apr 26, 2003 8:14 am

Murphy wrote:Not such an important thing but it would help if grsec logs were timestamped so you know exactly when a problem occurred.

Doesn't your syslog daemon do that for you?
goodbyte
 
Posts: 32
Joined: Sun May 12, 2002 4:33 am

Re: MD5 check on binaries?

Postby aldem » Tue May 27, 2003 11:20 am

TGKx wrote:wouldnt it make more sense to use SHA1 sums rather than md5's because of security (uniqueness)


No, it wouldn't. The complexity of breaking even MD5 sum is so high that it is easy to use conventional ways to break into the system (direct access, social engineering etc).

Regular hacker will refuse to try to break once he sees something non-trivial (and MD5 is not already), non-regular (or someone who really wants to get in) will get in anyway, one way or another.

Unless you are fighting with someone like NSA, you don't need "military grade" protection measures :) Hey, if it is NSA or like, you are in trouble anyway, and even SHA-512 won't help you :)
aldem
 
Posts: 7
Joined: Tue May 27, 2003 11:12 am

Postby gkweb » Tue Jul 15, 2003 8:42 am

Hi,

i don't use yet ACL system but i have few feature request :

1 - i saw that we can globally disable ACLs, but i really like the feature provided by LIDS which allow us to have a free shell, and only one, free of ACLs system, where we can do all that we want.
It could be usefull for instance when i am connected by SSH on my server to be able to disabled ACLs temporarly to install and build binaries without disable the global security.

2- documentation request : i perfectly understand that all your time is dedicated to work and improvement of grsecurity, but more documentation and howto would be greatly appreciated. For instance, it's hard to know what options we will have in the kernel until we are in, a global description would be nice (a summary).
I'm dedicated to my security, i use and configure in depth some advanced feature of my linux server, but the fact that i lack of documentation about grsecurity blocks me at some points, for instance about ACL, i'm unable to use them and try to use per application learning mode without blocking all my system. I know grsecurity is a best to have, a must, better by far than other security product that i saw, but i think that few users give up (that i was close to do!) because of not finding answers on official documentation (i don't know so good grsecurity to do them myself).
So i think that more documention will help to the spread of grsecurity, and to configure it! :wink:
(more doc about cvs would be great too, not toward cvs itself (man is good for) but to retrieve a ".patch" file for instance...)

3 - I think it could be good to choose password algorithm cipher, that we could configured regarding our state and local laws, i know that you can't force people to use some strong key like 2048 bits also, regardless of the cipher.

4 - for production use : a special option at building time of kernel allowing to secure it disabling the possibility for gradm to manage it, i mean ACLs are loaded at start and no program at all can disabled the protection
(had to reboot on normal grsecurity kernel to manage ACL).
Of course if the grsecurity password is totally unbreakable and 100% secure, this option is useless :wink:

5 - last : keep it the good work !! the most important request :D

regards,

gkweb.
gkweb
 
Posts: 16
Joined: Sun Jul 13, 2003 12:45 pm

Postby fd0 » Tue Jul 15, 2003 7:33 pm

1 - i saw that we can globally disable ACLs, but i really like the feature provided by LIDS which allow us to have a free shell, and only one, free of ACLs system, where we can do all that we want.
It could be usefull for instance when i am connected by SSH on my server to be able to disabled ACLs temporarly to install and build binaries without disable the global security.


grsec 1.9 has 'gradm -a', which gives you a 'free shell' and in grsec2 you are able to define an admin role, so this is already implemented (if i got you right...).


What I would really like to see is ipv6-support in acl (binding, connecting and from where you can connect for role assignment). Perhaps we can switch to ipv4-in-ipv6 notation in general (for example ::ffff:192:168:0:1), that shouldn't be hard to implement...

But thanks for the really great work you did, Brad.

- Alexander
fd0
 
Posts: 6
Joined: Fri Jun 06, 2003 8:50 am

Local only roles

Postby RaYmAn » Mon Jul 28, 2003 3:30 am

Hi
I would like to see local only roles, i.e. like IP based roles, just only allowing it when logged in locally on the machine.
Regards,
Jens Andersen
RaYmAn
 
Posts: 9
Joined: Thu Jul 10, 2003 8:08 am

Postby msi » Mon Jul 28, 2003 11:32 am

i would like to be able to restrict a special group to a few programs. Together with the Trusted Path Execution this would be a really good technic to restrict the users permissions (keep in mind that chroots require enormous space and rbash is not a real solution too).
msi
 
Posts: 29
Joined: Fri Sep 13, 2002 2:37 pm

PreviousNext

Return to grsecurity development

cron