News and editorials
B1 sample source code from SGI. SGI has released source from a number of modules in its "Trusted IRIX" system as open source; it can all be found on the SGI open source site. The released code implements useful features like mandatory access control, capabilities, access control lists, audit trails, and more.
Note that nobody should expect to plug this code in and turn a Linux box into a B1-secure system. The code has been released, but has not been ported to Linux - as the web site says, "the code that comprises this release will not work, it wont even compile. It is provided soley [sic] as a reference base for interested parties to investigate." Some of the code duplicates work that is already in the Linux kernel (capabilities), or which is well developed outside of the kernel (access control lists). It should, nonetheless, be most useful for those working on highly secure systems. (Thanks to Jose Nazario).
The first release of Sentinel is out; see the announcement for details. Sentinel attempts to find hosts on a network which might be running password sniffers by using some clever techniques to find Ethernet interfaces which are running in promiscuous mode. Most of these techniques involve sending packets with legitimate IP addresses, but with bogus Ethernet MAC addresses; systems running in promiscuous mode will often respond to those packets. It looks like a worthwhile tool.
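The bogus-MAC probe described above, sketched as an added example (not Sentinel's code and not part of the original article). Using ARP as the probe is an assumption, since the article does not say which packet types Sentinel sends; all MAC and IP values are constructed documentation-range addresses.

```python
import struct

# All MAC/IP values are constructed (RFC 7042 / RFC 5737 documentation ranges).
OUR_MAC = bytes.fromhex("00005e005301")
OUR_IP = bytes([192, 0, 2, 1])
BOGUS_DST = bytes.fromhex("00005e0053ff")  # assumed owned by no NIC on the segment

ARP_HDR = "!HHBBH"  # htype, ptype, hlen, plen, opcode


def build_arp(dst_mac, src_mac, src_ip, tgt_mac, tgt_ip, opcode):
    """Ethernet II frame (EtherType 0x0806) carrying an IPv4-over-Ethernet ARP packet."""
    eth = dst_mac + src_mac + struct.pack("!H", 0x0806)
    arp = struct.pack(ARP_HDR, 1, 0x0800, 6, 4, opcode)
    return eth + arp + src_mac + src_ip + tgt_mac + tgt_ip


def build_probe(target_ip):
    """who-has for a legitimate IP, but addressed to a MAC the target does not own."""
    return build_arp(BOGUS_DST, OUR_MAC, OUR_IP, b"\x00" * 6, target_ip, 1)


def parse_arp_reply(frame):
    """Return (sender_mac, sender_ip) if frame is a well-formed ARP reply, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack(ARP_HDR, frame[14:22]) != (1, 0x0800, 6, 4, 2):
        return None
    return frame[22:28], frame[28:32]


def suspects(probed_ips, captured):
    """Map IP -> MAC for hosts that answered a probe their NIC should have dropped."""
    hits = {}
    for frame in captured:
        reply = parse_arp_reply(frame)
        if reply and frame[0:6] == OUR_MAC and reply[1] in probed_ips:
            hits[".".join(map(str, reply[1]))] = reply[0].hex(":")
    return hits


# Constructed capture: .20 answers the bogus-MAC probe, .30 stays silent,
# plus an unrelated ARP request and a truncated frame that must be ignored.
HOST_20 = (bytes.fromhex("00005e005320"), bytes([192, 0, 2, 20]))
CAPTURE = [
    build_arp(OUR_MAC, HOST_20[0], HOST_20[1], OUR_MAC, OUR_IP, 2),
    build_arp(b"\xff" * 6, HOST_20[0], HOST_20[1], b"\x00" * 6, OUR_IP, 1),
    b"\x00" * 20,
]
PROBED = {bytes([192, 0, 2, 20]), bytes([192, 0, 2, 30])}
```

A reply is only a hint that the interface is in promiscuous mode: as the article notes, such systems "often" respond, so a silent host is not proof of a clean one.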
The TrustedBSD project has been launched. As detailed in the announcement, this project is starting with the FreeBSD code base and adding a number of new features. The list includes a fancy authorization framework, capabilities, access control lists, and much more. The work, once complete, is intended to be merged back into FreeBSD.
New Linux security site. SecurityFocus.com has set up a new Linux focus area with information of interest to Linux users. It starts off with an editorial from Bruce Perens.
Security Reports
A vulnerability in Linux trustees has been reported. The Linux Trustees patch appears to implement a simple, access control list-like permissions model that allows different access permissions to be defined for different groups on the same files. It turns out that, through the use of very long paths, certain denial of service problems can be created, and the possibility of more sinister problems exists. Those using Trustees should upgrade to version 1.6.
GNU locate in Caldera OpenLinux 2.4 eDesktop is run automatically out of cron as root, and allows any user to get a listing of any directory, regardless of permissions. The short-term fix is to disable locate in cron, while waiting for Caldera to come out with an update.
Updates
FreeBSD security updates. The FreeBSD project has issued a security update for a root compromise problem in healthd, as well as a fix for the ircii vulnerability.
Resources
Intel to Open-Source CDSA. Intel Corporation announced it will release the code for its Common Data Security Architecture (CDSA) software. A specific open-source license has not been mentioned.
Intel getting inside open source (ZDNet). ZDNet looks at Intel's Common Data Security Architecture, which will be released as open source in May. "[CDSA] is essentially middleware with capabilities that can be called on or used by applications, such as e-mail or e-business software, to provide a level of security. It can, in other words, be used to encrypt e-mail or secure electronic transactions." (Thanks to Bertrand Fremont).
Section Editor: Liz Coolbaugh
April 13, 2000