[LWN.net]


Security


News and editorials

B1 sample source code from SGI. SGI has released source from a number of modules in its "Trusted IRIX" system as open source; it can all be found on the SGI open source site. The released code implements useful features like mandatory access control, capabilities, access control lists, audit trails, and more.

Note that nobody should expect to plug this code in and turn a Linux box into a B1-secure system. The code has been released, but has not been ported to Linux - as the web site says, "the code that comprises this release will not work, it wont even compile. It is provided soley [sic] as a reference base for interested parties to investigate." Some of the code duplicates work that is already in the Linux kernel (capabilities), or which is well developed outside of the kernel (access control lists). It should, nonetheless, be most useful for those working on highly secure systems. (Thanks to Jose Nazario).

The first release of Sentinel is out; see the announcement for details. Sentinel attempts to find hosts on a network which might be running password sniffers by using some clever techniques to find Ethernet interfaces which are running in promiscuous mode. Most of these techniques involve sending packets with legitimate IP addresses, but with bogus Ethernet MAC addresses; systems running in promiscuous mode will often respond to those packets. It looks like a worthwhile tool.
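The probe described above can be illustrated with a small added example (not Sentinel's code, and not from the original page): it builds a frame carrying the target's real IP address behind a MAC address nobody owns, and recognises the echo reply that only a host accepting such frames would send. The choice of ICMP echo as the probe, all addresses, and the function names are assumptions made for illustration; sending and capturing on a live network is left out so the example runs offline.

```python
import struct

# Constructed sample addresses (RFC 5737 documentation range; made-up MACs).
MY_MAC = bytes.fromhex("020000000001")
TARGET_MAC = bytes.fromhex("020000000002")
BOGUS_MAC = bytes.fromhex("feedfacebeef")  # unicast, owned by no NIC on the segment
MY_IP, TARGET_IP = "192.0.2.10", "192.0.2.20"

def ip4(addr):
    return bytes(int(part) for part in addr.split("."))

def inet_checksum(data):
    """RFC 1071 ones'-complement checksum; 0 over data carrying a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(dst_mac, src_mac, src_ip, dst_ip, ident, icmp_type=8):
    """Ethernet + IPv4 + ICMP echo frame (type 8 = request, 0 = reply)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, 1) + b"promisc-probe"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), ident, 0,
                     64, 1, 0, ip4(src_ip), ip4(dst_ip))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + b"\x08\x00" + ip + icmp

def is_probe_reply(frame, probed_ip, ident):
    """True if frame is a valid ICMP echo reply from probed_ip for our probe id."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return False
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 1 or frame[26:30] != ip4(probed_ip):
        return False
    total_len = struct.unpack("!H", frame[16:18])[0]
    icmp = frame[14 + ihl:14 + total_len]  # ignore any Ethernet trailer padding
    if len(icmp) < 8:
        return False
    icmp_type, _, _, reply_id, _ = struct.unpack("!BBHHH", icmp[:8])
    return icmp_type == 0 and reply_id == ident and inet_checksum(icmp) == 0

if __name__ == "__main__":
    # Right IP, wrong MAC: a NIC in normal mode drops this before the IP stack sees it.
    probe = build_echo(BOGUS_MAC, MY_MAC, MY_IP, TARGET_IP, 0x1234)
    # Constructed reply, as a host that accepted the frame might send it.
    reply = build_echo(MY_MAC, TARGET_MAC, TARGET_IP, MY_IP, 0x1234, icmp_type=0)
    print("probe dst MAC:", probe[:6].hex(), "dst IP:", TARGET_IP)
    print("reply means the interface is likely promiscuous:",
          is_probe_reply(reply, TARGET_IP, 0x1234))
```

A reply is only a hint: as the text says, promiscuous systems "often" respond, so a silent host is not proof that no sniffer is running.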

The TrustedBSD project has been launched. As detailed in the announcement, this project is starting with the FreeBSD code base and adding a number of new features. The list includes a fancy authorization framework, capabilities, access control lists, and much more. The work, once complete, is intended to be merged back into FreeBSD.

New Linux security site. SecurityFocus.com has set up a new Linux focus area with information of interest to Linux users. It starts off with an editorial from Bruce Perens.

Security Reports

A vulnerability in Linux trustees has been reported. The Linux Trustees patch appears to implement a simple, access control list-like permissions model that allows different access permissions to be defined for different groups on the same files. It turns out that, through the use of very long paths, certain denial of service problems can be created, and the possibility of more sinister problems exists. Those using Trustees should upgrade to version 1.6.

GNU locate in Caldera OpenLinux 2.4 eDesktop is run automatically out of cron as root, and allows any user to get a listing of any directory, regardless of permissions. The short-term fix is to disable locate in cron, while waiting for Caldera to come out with an update.

Updates

FreeBSD security updates. The FreeBSD project has issued a security update for a root compromise problem in healthd, as well as a fix for the ircii vulnerability.

Resources

Intel to Open-Source CDSA. Intel Corporation announced it will release the code for its Common Data Security Architecture (CDSA) software. A specific open-source license has not been mentioned.

Intel getting inside open source (ZDNet). ZDNet looks at Intel's Common Data Security Architecture, which will be released as open source in May. "[CDSA] is essentially middleware with capabilities that can be called on or used by applications, such as e-mail or e-business software, to provide a level of security. It can, in other words, be used to encrypt e-mail or secure electronic transactions." (Thanks to Bertrand Fremont).

Web-based firewall rule generation is available from the Linux Firewall Design Tool, put together by Robert Ziegler. Answer some questions, and it will generate a set of rules in any of the ipfwadm, ipchains, or iptables formats. Note that the site requires JavaScript to be enabled in your browser to function.

Section Editor: Liz Coolbaugh


April 13, 2000



 
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds