Category Archives: Linux

Free Linux Plumbers Conference Ticket

Regretfully, it turns out I won’t be able to attend the Linux Plumbers Conference next week in Portland OR. This means I have a surplus transferable conference registration (currently costing $300).

If you’re an established FOSS community developer who is otherwise unable to obtain funding for registration, shoot me an email. I’ll transfer the ticket at no cost to whoever makes the first appropriate request.

Memory protections followup

Following up on a couple of the comments on my last entry on SELinux memory protections vs. Zend Optimizer:

The policy does indeed look like it was generated automatically by audit2why or similar. This very clearly highlights a core problem with “learning mode” security schemes, which can blindly encapsulate dangerous behavior in a buggy application, or even an attack in progress. This issue was previously expounded by Josh Brindle in Status Quo Encapsulation.

Such techniques do have their place, although it is always recommended that such resulting policy be reviewed. Again, it is easy to find help.

It’s unfortunate that some vendors promote automated policy generation schemes as a core usability feature, leading many people to assume that this is a great idea, and even the way things are supposed to work.

Of course, nobody would ever capitalize on people’s combined fear and lack of expertise in an area and sell a “miracle” solution which doesn’t quite work. No, that would never happen.

As H.L. Mencken and some character on the single episode of CSI I suffered through said: “… there is always an easy solution to every problem — neat, plausible and wrong.”

The idea that the problem of OS security can be solved effortlessly with the click of a mouse should be raising alarm bells in everyone’s heads by now, surely?

SELinux memory protections are your friend

I don’t know what a Zend Optimizer is, but it apparently does not play well with SELinux. I’ve encountered a blog entry by someone who has tried to do the right thing and keep SELinux enabled, after finding the code for a policy module which makes this stuff work.

I was surprised when I saw the source of the module, which includes:

allow httpd_t self:process execstack;
allow httpd_t self:process execmem;
allow httpd_t self:process execheap;
allow httpd_t usr_t:file execute;

When loaded, this will allow the web server to execute memory on its heap or stack, or certain types of executable memory allocated via mmap(2). These are well-known attack vectors, and allowing them disables some very important memory protection mechanisms. See Ulrich Drepper’s SELinux Memory Protection Tests for details.

The file execute permission is also very concerning, as it allows the web server to execute generically labeled user files. Combined with disabled memory protections, and third-party software using unsafe memory execution techniques, I’d recommend being cautious about deploying this solution.

What I would suggest, if you don’t understand the security policy, is to run it by your nearest SELinux community. Many mailing lists and IRC channels exist where people will be able to help: see User Resources from the SELinux Project Wiki.

It’s important to note that whatever this code is supposed to be doing (apparently, dealing with some form of source code obfuscation), techniques such as making a stack executable are inherently insecure and should never be necessary.

SELinux really is trying to help you here, and free expert advice is merely an email away. At the very least, someone will be able to explain what the risks are, and help you make an informed decision on how to proceed: perhaps it will be better for your particular requirements to allow certain accesses rather than disabling SELinux for the entire system. And if the code is not trying to do something dangerous, an SELinux developer may write a simple module for you to load to work around the issue.
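One way to review a generated module before loading it, as an added example (not code from the original post or from the SELinux project): a small Python checker that flags the memory-protection permissions and the generic-type execute access discussed above. The function names, the entries in `GENERIC_FILE_TYPES` other than `usr_t`, the `myapp_t` domain and the sample input are assumptions made for illustration, and only rules with a single source and target type are parsed.

```python
import re

# Process permissions that switch off SELinux memory protections.
MEMORY_PERMS = {
    "execstack": "executable stack",
    "execheap": "executable heap",
    "execmem": "writable+executable anonymous or private mappings",
}
# usr_t comes from the post; the other generic types are added here (assumption).
GENERIC_FILE_TYPES = {"usr_t", "tmp_t", "var_t", "default_t"}

# allow <source> <target>:<class or {set}> <perm or {set}>;
RULE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?)\s*:\s*(\{[^}]*\}|[^\s{};]+)\s+(\{[^}]*\}|[^\s{};]+)\s*;",
    re.M,
)

def _names(token):
    """Expand 'x' or '{ x y }' into a set of names."""
    return set(token.strip("{} ").split())

def review(policy_text):
    """Return (source, permission, reason) for each risky grant found."""
    findings = []
    text = re.sub(r"#.*", "", policy_text)  # drop comments
    for m in RULE.finditer(text):
        src, tgt = m.group(1), m.group(2)
        classes, perms = _names(m.group(3)), _names(m.group(4))
        if "process" in classes:
            for perm in MEMORY_PERMS:
                if perm in perms:
                    findings.append((src, perm, MEMORY_PERMS[perm]))
        if "file" in classes and tgt in GENERIC_FILE_TYPES and "execute" in perms:
            findings.append((src, "execute", f"can execute any file labeled {tgt}"))
    return findings

# Constructed sample: the four rules quoted in the post, one harmless rule,
# and a brace-form rule for a hypothetical domain myapp_t.
SAMPLE = """\
allow httpd_t self:process execstack;
allow httpd_t self:process execmem;
allow httpd_t self:process execheap;
allow httpd_t usr_t:file execute;
allow httpd_t httpd_log_t:file { append getattr };
allow myapp_t self:process { signal execmem };  # constructed
"""

if __name__ == "__main__":
    for src, perm, reason in review(SAMPLE):
        print(f"{src}: {perm} -> {reason}")
```

Every finding is a rule to take to a policy reviewer before the module is loaded; an empty result does not mean the module is safe, only that none of these specific grants are present.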

Linux Plumbers Conference

I’ll be attending the Linux Plumbers Conference in Portland OR a few weeks from now. It seems like a really useful event for developers, and even a little unusual in that Linus will be giving a git tutorial.

If there’s anyone attending who’d like to meet up & discuss SELinux, especially distro integration issues and similar, let me know. Kees Cook from the Ubuntu project will be there, so if we have enough people, it might also be worth organizing a BoF session (it seems there are currently slots available).

Similarly, if anyone is interested in discussing the integration of MAC security with KVM (i.e. sVirt — a project I’ll discuss in more detail soon), also let me know.

Nano HOWTO: Getting started with libvirt hacking

How to build libvirt from git on Fedora:

mkdir ~/rpmbuild
(cd ~/rpmbuild && mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS)
git clone git://git.et.redhat.com/libvirt.git
cd libvirt
git checkout -b mystuff
export AUTOBUILD_INSTALL_ROOT=$HOME/builder
./autobuild.sh

The above will clone the tree, check out a branch to hack on, build and test the code, then generate source and binary RPMs. You’ll then also be set to do local manual builds.

Thanks to danpb for clues.

OLS Slides + Macbook fail

Here are the slides from my OLS talk, although the paper is way more useful.

For those who attended Dan Walsh’s talk on confining the user, you can find the slides here. Quite a few people expressed interest in them during the talk, and Dan sent them to me for some reason, so there you go.

***

Btw, my MacBook seems to never work with projectors (thanks to Paul Moore for lending me his laptop for the talk). It’s relatively recent and has the following graphics stuff:

00:02.0 VGA compatible controller: Intel Corporation Mobile 945GM/GMS, 943/940GML Express Integrated Graphics Controller (rev 03)
00:02.1 Display controller: Intel Corporation Mobile 945GM/GMS/GME, 943/940GML Express Integrated Graphics Controller (rev 03)

Nothing seems to work: rebooting with the cable attached (VGA text mode works, but not X), exhaustive messing about with xrandr, hitting the laptop with a hammer etc. Does anyone know something else I can try?

Notes from the SELinux Developer Summit 2008

The SELinux Developer Summit went pretty well yesterday. It was a long day: 10 hours of talks and discussions with about forty developers attending.

I’ve just uploaded slides from the talks, which may be found next to their respective entries in the schedule.

Some of the talks I found particularly useful/interesting:

  • Josh Brindle on SELinux in Ubuntu. They’re making good progress, although the idea of SELinux is to introduce ubiquitous, generalized MAC security, so he is advocating they enable SELinux by default as is done in Fedora, and as you typically do with other OS security layers.
  • John Weeks from Sun talking about OpenSolaris FMAC (introducing Flask/TE to their OS). It was interesting to see a dtrace graph of the AVC operating—a kernel mechanism for which I’ve developed an abstract mental model but never “seen”.
  • Dan Walsh talking about his ongoing work in utilizing SELinux to create practical security features for everyday users.

    [Screenshot: xspy]

    The above is from a demonstration where nsplugin (the framework for Firefox plugins, i.e. where flash etc. is run) is being sandboxed by SELinux, so that a flawed or malicious plugin cannot be used to snoop your keystrokes. In this case, a simulated (and trivial) exploit was blocked from capturing internet banking passwords by SELinux.

    Btw, Dan will be demonstrating this today during his OLS talk on Confining the User. There’s a lot of really cool stuff coming in this area & the talk should be well worth attending.

  • Karl MacMillan on alternatives to comprehensive least-privilege, where he described some ideas and plans for simplifying the way SELinux policy is deployed for general purpose use. He has some really promising ideas on reducing the granularity of the policy while still maintaining strong security. This can lead to simpler and smaller policy, which is important for all kinds of users.
  • Peter White talked about two higher-level languages being developed to express SELinux policy, Lobster and Shrimp, which will introduce features such as type checking and object orientation to the policy language area. Peter is a Haskell guy, and it all looks very promising.

***

Yuichi Nakamura talking about embedded systems and SELinux.


The format worked reasonably well—a series of short talks and discussions—although it would have been nicer to have a more relaxed schedule and more time for deep discussions on specific issues. There’s already been discussion of what to do next year, and we may move it to a two-day event. Certainly, I think we’ll want to have it again in conjunction with a major developer conference, which makes it a good environment for collaboration with the wider FOSS community.

For those that couldn’t make it this year, I believe notes were taken and will be sent out to the mailing list. There are more photos here.

Have You Driven an SELinux Lately?

My OLS paper, Have You Driven an SELinux Lately?, may now be downloaded as a single document, or as part of the conference proceedings.

The paper is a detailed update on the SELinux project, covering important changes to SELinux in the past few years. After the initial upstream kernel merge—which took three years and required LSM to be developed—the project proceeded rapidly in terms of integration into mainstream Linux distributions, as well as having its internal infrastructure overhauled to allow major improvements to both function and usability. A great deal has changed since many people first saw SELinux.

I’d recommend reading the paper if you want to come up to speed on where things are at in the project, and where things are headed.

I’ll be giving a talk on the paper at OLS this Thursday. It’s certainly a challenge trying to keep the talk length below 45 minutes without leaving something significant out. For some reason, my talks tend to self-adjust to about 90 minutes, and I always need to work to shorten them.

As a reminder, the SELinux Developer Summit is on Tuesday, and it will be held at the Ottawa Novotel from 8:30am.

Btw, I noticed Linux being used at Sydney Airport on the way over:

[Photo: Linux @ Sydney Airport]

Ubuntu 6.02, I believe 6.06.2.

FOSS Conference Observations

Andrew Morton’s slides from the LF Japan Symposium are now here (PDF), along with the rest of the presentations (scroll down). No video as yet, it seems.

I microblogged this at the time, but it’s worth mentioning here that 15% of kernel contributions are now coming from Japan, as also noted at the LF blog. (I’m not sure if the media has picked up on this yet, but it was also announced at the Symposium that the 2009 Kernel Summit will be held in Tokyo).

Recently, Michael Chen from Red Hat was quoted in an interview as saying that India is the third largest contributor to Fedora. That’s “following North America and Europe”, so I don’t know what the per-country rankings are, but India may be doing even better in that respect.

It’s probably impossible to say precisely what’s driving these increasing global levels of FOSS contributions, but my impression is that, in these cases at least, conferences such as FOSS.IN and the LF symposia are having very significant effects.

The same was most likely true in Australia in 1999 with the introduction of CALU (which evolved into LCA): local FOSS efforts were greatly stimulated by holding a technical conference which attracted a combination of leading international and local contributors. It was certainly a major factor in my own subsequent involvement in kernel hacking (which was at the time very sporadic, but became vastly more focused after meeting & seeing the likes of Dave Miller, Rusty and Tridge).

It’s interesting to compare how this works differently in different regions. India and Australia developed their own grassroots conferences, while Japan (and recently China) have developed conferences based around industry consortia. Whether this is cultural or a sign of the times is unclear, but it seems the ultimate effect is basically the same: more people contributing (not just code) to the community process.

A comment made by Toshiharu Harada during his genuinely entertaining TOMOYO talk was particularly interesting:

Merging TOMOYO Linux started as our mission, but now they are our personal goals.

While FOSS has become increasingly mainstream, it seems that the underlying dynamics of the community also remain the same, in terms of people fulfilling personal goals (technical, social, economic), as well as those of their employers.