QubesOS: The security oriented OS

Discussion in 'all things UNIX' started by wearetheborg, Aug 28, 2010.

Thread Status:
Not open for further replies.
  1. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
  2. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Is that Joanna Rutowska's (sp?) Linux distro?
     
  4. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I've been using the 'security by isolation' model regularly since 1999 through full platform/OS virtualization, not including past older systems, but this is the first application virtualization aka AppVM/disposable VMs or 'container' for security that I've been really excited about (and I've probably looked at all of them) mainly because of Xen.
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I might try it out just because Joanna is hot and because it's Linux. :D
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    What is the download link? Is it a live CD?
     
  8. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Joanna R's blog dispels some of the myths that Linux is 'safe' due to separate user accounts?

     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    QubesOS.

    It looks like it is a source code (git) release with a Wiki and installation instructions.

    -- Tom
     
  10. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Whoa, that was a bad blog post. The point of a user account is not to protect the user account, but to protect the system itself.

    I wonder if AppArmor/SELinux can mitigate the X vulnerability she is talking about.
     
  11. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    If that was the case, in the last Pwn2Own, the Ubuntu machine couldn't be hacked whereas Mac and Windows fell, so if there was a known hack, I am sure the talented folks would have exploited that to the max.
     
  12. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Maybe she means the kernel vulnerability which was patched recently... http://www.ubuntu.com/usn/usn-974-1
     
  13. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    If it were that easy to log keystrokes from a user account, we should have some keyloggers out there that do just that. Yet, where are they? I don't see any keyloggers that do not need root to install themselves.
     
  14. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    That's cuz most people are on Windows, as admin. :D
     
  15. katio

    katio Guest

    No, she's talking about Xorg having next to no security BY DESIGN.
    Here's a summary: http://plash.beasts.org/wiki/X11Security

    Default Linux Desktop security is a joke. Servers can be hardened quite easily to the point that even a skilled and motivated hacker only has a realistic chance through social engineering.
    Breaking into a Desktop is more of a question of how much a 0day will cost you or how difficult (i.e., easy) it is to find an exploit in one of the bloated and poorly written popular gui apps. Once you have one there usually is no additional layer of defense nor a guarantee a break-in will at least be detected.
    QubesOS seems like a relatively simple approach to fix this, don't think it will catch on beyond "security hobbyists" though.
     
  16. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Well that sucks...
    I guess I should switch to a console via CTRL+ALT+F2 to install apps, and not directly log in as root in xterm...
     
  17. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Is that right? Then where is all the malware? Where are the stories of people getting cracked? Where? There are millions of desktop Linux machines out there. I hang around the Ubuntu security forums and the only hacking stories I hear are through people leaving VNC or SSH servers wide-open (with no passwords). I have never once heard of anyone being cracked through an exploit in an app. Never, not once. And don't give me that line that "the hackers don't care." That's complete and utter nonsense.

    It depends on what the GUI app is. If it's something that doesn't have network access, then a 0-day does an attacker no good. If it's a browser, then there are already protections for that. For one, the browser runs with limited privileges. Second, there are MAC systems like SELinux, AppArmor, SMACK, TOMOYO, and grsecurity. Third, most open-source browsers are very good about quickly releasing patches.

    Am I saying X is perfect? No. If there are ways to cheaply improve the security of X, then so be it. This is a topic that has been debated for years, so it's not like someone has just discovered it. The sky is not falling. There is no immediate threat.

    Unless the attacker gets root somehow, a break-in is not difficult to detect.
     
  18. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Not really. It's just that people like you don't like to hear these things, which shake the predefined conceptions you have built your entire outlook around to the core. Which, unfortunately, doesn't make them any less true.
     
  19. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    When we see Linux getting pwned or hacked we will talk, right now, there is none and all are conjectures and hypothesis, perfect wet dream material for Win fanbois. Of course Redmond must be waiting for such day with bated breath.
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Let me see ...

    She was a windows hacker and she got hacked.
    Then, she started using pills, and it got popular, but who cares.
    Then she is using mac with three browsers for stuff, an overkill or something.
    Finally, she's criticizing 40 years of work done by some of the brightest minds.

    I is disagree ...

    Mrk
     
  21. katio

    katio Guest

    Widespread malware or frequent successful attacks is no indicator how secure something _really_ is. I agree there is no "imminent" threat to worry about but when you look at it on an abstract level "default" security is weak to nonexistent.
    Think about it more as in how easy it would be to launch a targeted attack. Besides that's not something you'll hear a lot about because high profile targets usually don't talk about it to the media.

    That's not true. Download file with browser, open with default app, buffer overflow, shellcode -> pwnd...

    Not very limited when you want a graphical browser, i.e. running in Xorg. Ever have a terminal open with sudo/root logged in?

    What's so difficult to understand about the term "default"? Firefox in Ubuntu for example is entirely unconfined, Debian has no MAC by default, Fedora is probably the only distro that comes with a pretty good security framework ootb, especially when you use the SELinux sandbox.
    However, have you actually tried all those frameworks? Full grsec doesn't really work on a desktop, you have to do a lot of exceptions, especially Firefox doesn't play nice with PaX. SELinux is difficult enough to understand on a headless server with a handful of running services. On a Desktop configuring it is so difficult that no one really has figured it all out yet so most desktop stuff runs unconfined. AppArmor is a similar picture, only the high risk apps are confined "by default". SMACK and TOMOYO I haven't tried yet so I can't comment on them. Based on their usage share however I doubt they are "THE" solution to aforementioned problems.

    I don't think you'll see anything in your logs when Xorg is just doing what it's supposed to do.
     
  22. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    It takes root to get pwned. How do you propose this file in userspace gets root (social engineering notwithstanding)? Just because there might be a vulnerability in an app does not = root pwnage.


    --sigh-- You are one of those people that are confused about root/sudo and how the privilege separation really works. Just because I have a root shell open does not mean my browser is suddenly running with root privs. Just because I am running on top of Xorg does not mean all of my apps are running with root or setuid privs.

    Define "unconfined." Browsers on all Linux distros I have used run with limited privileges. That is the first line of defense. Also, Ubuntu compiles Firefox with full ASLR/RELRO/NX protections as well as stack smashing protections. Thirdly, although it is not enabled by default, there is a Firefox AppArmor profile already in every Ubuntu installation.


    Yes, I have used almost all of them. I have used SELinux on Fedora and grsecurity on my hardened Gentoo box.

    It isn't the easiest to configure, I'll give you that, but Grsec with PaX is an almost foolproof defense.

    Ubuntu has a handful of AppArmor profiles for the most high valued daemons/services. One can also make one's own profiles rather easily (it's easy to do in fact). I have over 20 apps confined by AppArmor profiles, though I think it is overkill on a desktop box.

    Again, if Linux were "the least secure OS" as you claim, we should be seeing at least a few compromises on desktop machines. But we don't. The proof is in the pudding.
     
  23. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    I believe that was related to Xsecurity: Firefox running in user account, root terminal open, and Firefox sending its own keystrokes to the open root terminal...
     
  24. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    It takes root to pwn your system, which nobody cares about anymore, since reinstalling the OS is trivial and there's no benefit to the attacker. It doesn't take root to pwn your data, which is what the hackers are really interested in.

    In the context of this discussion, "unconfined" by "MAC systems like SELinux, AppArmor, SMACK, TOMOYO, and grsecurity", obviously.

    I'd agree with you on this. Given how Windows lacks similar defenses as well, that particular claim does seem like a bit of a stretch.
     
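Added example, not part of any post in this thread: one way to check on a running system whether a given application is "unconfined" in the sense debated above. It assumes AppArmor is the active LSM, so that `/proc/<pid>/attr/current` holds either `unconfined` or `profile (mode)`; the function names, PIDs and sample tree are constructed for illustration.

```python
import os
import re
import tempfile

LABEL_RE = re.compile(r"^(?P<profile>.+) \((?P<mode>\w+)\)$")

def parse_label(raw):
    """Split the text of /proc/<pid>/attr/current into (profile, mode)."""
    label = raw.strip("\x00 \n")
    if label == "unconfined":
        return (None, "unconfined")
    m = LABEL_RE.match(label)
    if m:
        return (m.group("profile"), m.group("mode"))
    return (label, "unknown")  # not an AppArmor label, e.g. an SELinux context

def scan(proc_root="/proc"):
    """Return {pid: (comm, profile, mode)} for every readable process."""
    procs = {}
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().strip()
            with open(os.path.join(base, "attr", "current")) as f:
                procs[int(entry)] = (comm,) + parse_label(f.read())
        except OSError:
            continue  # process exited, or the label is not readable
    return procs

def not_enforced(procs, watch):
    """Names from `watch` that are running without an enforcing profile."""
    return sorted({c for c, _, mode in procs.values()
                   if c in watch and mode != "enforce"})

def build_sample_tree():
    """Constructed /proc-like tree for an offline run (made-up PIDs and labels)."""
    root = tempfile.mkdtemp()
    sample = {101: ("firefox", "unconfined\n"),
              102: ("cupsd", "/usr/sbin/cupsd (enforce)\n"),
              103: ("evince", "/usr/bin/evince (complain)\n")}
    for pid, (comm, label) in sample.items():
        os.makedirs(os.path.join(root, str(pid), "attr"))
        with open(os.path.join(root, str(pid), "comm"), "w") as f:
            f.write(comm + "\n")
        with open(os.path.join(root, str(pid), "attr", "current"), "w") as f:
            f.write(label)
    return root

if __name__ == "__main__":
    print(not_enforced(scan(build_sample_tree()), {"firefox", "evince", "cupsd"}))
```

Calling `scan()` with no argument reads the live `/proc`; a profile in complain mode is reported alongside unconfined processes because it logs violations without blocking them.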
  25. katio

    katio Guest

    Bump :)

    Just wanted to tell you that I installed Qubes OS and surprisingly this Alpha hackery even works, dare I say well. Didn't even have to compile a kernel. Simply had to follow the instructions on their wiki:
    http://qubes-os.org/trac/wiki/InstallationGuide

    Has its rough edges of course, error messages can be a bit obscure but if you know a little bit basic UNIX stuff, Xen and yum (or have some time to go about trial and error style) it's all pretty easy to figure out.

    One problem I see is the focus on Intel (lock in etc.) for one and TC (see rms ;) ) on the other hand. There is a trend of moving security into the CPU space, ring -1 or what they call it, that means proprietary blackbox like code, or security by obscurity? Isn't that opposed to what we wanted to achieve in the first place?

    updated....
     
    Last edited by a moderator: Sep 11, 2010