Date: Fri, 31 Dec 1999 12:54:08 +0200
To: lwn@lwn.net
From: Serge Lozovsky
Subject: article suggestion. New linux security software.

Hi, there is new software to protect Linux hosts. VXE (Virtual eXecuting Environment) protects UNIX servers from intruders, hacker attacks from the network and so on. It protects software subsystems such as SMTP, POP, HTTP and any other subsystem already installed on the server. There is no need to change the configuration of existing software - just PROTECT it.

http://www.intes.odessa.ua/vxe

The article follows. Or you can get the text from the Overview page of VXE.

Best regards, Serge.

------------------------------------------------------

VXE - Virtual eXecuting Environment

The main problem with UNIX security is that the superuser can do anything with the system. There are programs (daemons) that run with superuser privileges, for example popd and sendmail, and are accessible from the network (Internet/Intranet). Any program can have bugs, so an intruder connects to such a program over the network, exploits the bugs in it and gets control over the whole host.

VXE (Virtual eXecuting Environment) protects UNIX servers from such intruders, hacker attacks from the network and so on. It protects software subsystems such as SMTP, POP, HTTP and any other subsystem already installed on the server. There is no need to change the configuration of existing software - just PROTECT it.

So VXE solves the following problem: it protects the host and particular subsystems that run as superuser and may have bugs. This is the situation we have in real life. When a program runs in superuser mode, it can access all resources of the operating system (OS). VXE creates a virtual environment for each subsystem. In such an environment only the resources needed for normal work are visible and available to the subsystem. A subsystem here is the startup program and all subprocesses initiated (forked) by it. Any subprocess runs in the same VXE as its parent.

To affect any system resource, a program uses OS system calls (syscalls). VXE has means to describe which system calls, with which parameters, are available to each subsystem. For example, it can be described (for file operation syscalls) that some files are readable and some executable, and that network operations are unavailable (a POP server handles incoming network connections but doesn't make new ones); these restrictions can't be broken even by a program with superuser privileges. The restrictions can be as fine-grained as needed.

If an intruder gets control over such a subsystem, he can't use ordinary methods to sniff information or affect the system. Everything he can do in theory, using sophisticated methods, is affect the work of the hacked subsystem, but not the OS itself, nor other subsystems. Ordinary methods here are those where the intruder gets superuser privileges and runs a command interpreter (shell) and ordinary utilities such as a text editor, a copy utility and so on. He can't do anything without such utilities. For example, a POP server doesn't need a text editor or a copy utility for its work, so there are no such programs in the VXE environment created for POPD protection.