Moving To Fedora?

I’m currently downloading Fedora, which I’ll hopefully have installed and set up soon. I’m going to give Cinnamon a try and see how I like it and see if I can get used to SELinux.

I’m not so unsatisfied with Ubuntu that I need a change but there are features of Fedora that interest me. I’m sure that it merits some use.

I’ll post my thoughts and details on Fedora in the future.

I Finally Set Up GUFW – A Graphic Firewall For Linux

GUFW is a graphical user interface (GUI) for iptables. It basically lets you create rules for iptables, but with pretty pictures and the mouse instead of the command line or config files. I could write a guide… but this screenshot basically says it all. apt-get update && apt-get install gufw. Then add what you see below for DNS, HTTP, and HTTPS; you can ignore the 7070 rule. If you can do that you can set it up for anything. There are plenty of guides on the internet, and for a program as simple as this I really don’t feel like I need to throw another guide out there.

Image

As you can see I’m filtering both inbound and outbound traffic. I honestly don’t feel that outbound firewalls are worth much – the code has already executed locally – but it’s another layer, and if it isn’t too annoying I’ll leave it on.

What I’ve done is allow outbound access on the ports necessary for browsing and for IRC, but that’s all. No other ports can be accessed by user applications on the system.


My Windows Isn’t Super Secure

While my Ubuntu install is configured with AppArmor and grsecurity/PaX (although due to some issues with Ubuntu I don’t get the full benefits of PaX, and I’ve been too lazy to sort it), my Windows only runs EMET. That’s the only program I use for security – DEP is Always On, SEHOP is Always On, ASLR is Opt In (damn AMD.)

On top of that I rarely boot into Windows so my Java is currently three patches behind and I go days without Windows updates etc.

Going from my much-hardened system to that is strange. I could probably do more, but not without third-party software.

Explaining Seccomp Filters

The seccomp filters implemented in the 3.5 kernel and the Ubuntu kernel are really cool, and I’m bored, so I want to write about them (hooray for having a blog.) I’m going to explain what seccomp filters actually do at as low a level as I feel comfortable with. I’ll leave some stuff out and gloss over a few other things because either 1) I personally don’t know it well enough or 2) it would take forever to explain. I want to make this as accessible as possible for those readers who aren’t necessarily familiar with all of this terminology.

Seccomp filters are a compile-time whitelist of which system calls the compiled program is allowed to make. If the program makes a system call that hasn’t been whitelisted, the program is terminated.

What Is A System Call?

A system call is basically how a program speaks to the kernel. Programs are basically (or literally, I guess) instructions; they want to get something done. Often they have to (for performance or ease-of-use reasons) outsource that action to the kernel. They do this through a system call, something like write(). The () holds your parameters, so you might have (and this is not a real-world example at all, nor is it even correct; in reality a write() creates a file buffer among other things, passing the information to the syscall) write(“hello world”). Your program passes that to the kernel, which sees “the syscall is ‘write’ and the argument is ‘hello world’”, does what it needs to do, and you end up writing “hello world” somewhere.

What’s The Issue?

There are a few issues with this. The first is that the previously mentioned kernel is the highest level that software can reach in terms of the OSI model of security. This means exploits in the kernel are also going to be at the highest level, and they can practically do anything at that point, including directly interacting with your hardware. Following this, it’s only possible to exploit code that you can interact with either directly or indirectly. A system call is a way for programs at any level to interact with the kernel; therefore it’s a way for any program to escalate to kernel level via an exploit.

The other issue is that there are a lot of system calls, and new ones can be created over time as new kernel features appear. This means new kernel attack surface, and it also means new capabilities for programs. What if I don’t want my program to be able to write? Well, it has access to write(), so I would have to find some other way to stop that, like an LSM – but there are a lot of other syscalls not so easily stopped. By whitelisting the syscalls we implement absolute least privilege, meaning that programs can only use the syscalls they really need.

The short answer is that abusing syscalls allows for new and unforeseen behaviors as well as the potential for privilege escalation. Filtering syscalls directly limits kernel attack surface and what programs can do.

Where Filters Really Help

To understand where these filters really help, I think I should explain the concept of least privilege. Least privilege is the implementation of a program in which the program only has access to what it needs and nothing more. This means if there are files A-Z on a system and the program only ever uses A, B, and C, then it won’t have access to D-Z. It may also not need inter-process communication (IPC) with various programs, so the IPC may be restricted too. Maybe it shouldn’t be able to execute specific files; again, limit it. The idea is to make it so that it can do only what it needs to function and nothing else.

This is one of the more important concepts in computer security. What this means is that if the aforementioned program gets exploited and my critical file is at E, the hacker can’t get to E; they’re stuck using some useless config files at A-C. And maybe there’s a way to exploit program F but, again, they can’t access F, so the visible attack surface is reduced.

The simplest way out of a good sandbox (one not full of holes or, in our case, letters) is usually privilege escalation, and a kernel exploit is great for that. So if the above program is exploited and then I send it write(exploit code), I’ve made breaking out a lot simpler.

This is where seccomp filters are best used: reinforcing least privilege. They directly reduce visible kernel attack surface, thereby reinforcing any strong sandbox.
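As an added illustration of the whitelist described above (this is my own code, not code from the original post), here is a minimal seccomp-bpf filter: a child process installs a filter that allows only write, exit, exit_group and rt_sigreturn, and the parent observes what happens when the child makes a whitelisted call versus one that is not on the list (getppid). The function names, the choice of syscalls and the return-code convention are my own; it assumes a Linux kernel with seccomp filter support on x86_64 or aarch64.

```c
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define FILTER_ARCH AUDIT_ARCH_AARCH64
#endif /* other targets: add their AUDIT_ARCH_* value here */
/* One whitelist entry: allow if the loaded syscall number equals nr, else fall through. */
#define ALLOW_NR(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Whitelist write, exit, exit_group and rt_sigreturn. Any other syscall, or one
 * made through a foreign ABI, ends the process with SIGSYS (the "program closes"). */
static int install_whitelist(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW_NR(__NR_write), ALLOW_NR(__NR_exit_group),
        ALLOW_NR(__NR_exit),  ALLOW_NR(__NR_rt_sigreturn),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    };
    struct sock_fprog prog = { (unsigned short)(sizeof filter / sizeof filter[0]), filter };
    /* no_new_privs: a filtered process must not be able to gain privilege via setuid. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork a child that installs the whitelist, then either behaves (write + exit) or
 * misbehaves (getppid, not listed). Returns the child's exit status, or -signal if
 * the kernel killed it; 200 means fork/wait itself failed (my own convention). */
int run_filtered_child(int misbehave)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return 200;
    if (pid == 0) {
        if (install_whitelist() != 0) _exit(2);
        if (write(STDOUT_FILENO, "write() allowed\n", 16) < 0) _exit(3);
        if (misbehave) getppid(); /* not whitelisted: SIGSYS here, nothing after runs */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid) return 200;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}
```

The arch check at the top matters: without it a filter written for one syscall table can be bypassed by calls made through another ABI on the same kernel.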

And Hopefully…

Right now Chrome, OpenSSL, and a few other programs have implemented these filters. It’s not too difficult to implement them, and I’d really like to see them in more applications, especially running services. In an ideal world everything would have seccomp filters, as least privilege should be applied universally, but I’d settle for having a few services like cupsd running with one. The biggest issue is that third-party libraries can have compatibility issues.

What I Left Out

I didn’t go into libraries and APIs; I just kinda combined the ideas into the system calls themselves. For those interested in programming, you already know what an API is and you probably know what a library is.

If I got anything wrong, let me know. I’m a crap programmer and I extrapolate a lot. If you notice a gaping hole in what I’m saying, point it out (be gentle) and I’ll be happy to learn something and will correct it ASAP.

The Reasons I Use Linux

I was a Windows user my entire life. I’ve only been using Ubuntu since April, but there are a few reasons why I can’t imagine going back.

1) Upgrades

Upgrading on Windows means buying a new OS and, in the case of Windows 8, getting used to an entirely new user experience. On Ubuntu I can use pretty much any UI I want, and the experience is pretty much the same even if the back-end changes. Yes, moving to Unity would be a huge change from Gnome 2 but, unlike Windows, I can always move back to Gnome 2 if I want.

That brings me to my next point.

2) Freedom and Choice

I can do anything to my system. The source code is available so I can modify it at the absolute lowest level if I feel inclined. I personally am able to compile my own software, including my kernel, to ensure that my OS is tailored down to the last byte for me.

3) The UI

I don’t get Unity hate. I love it. I have all of the shortcuts I could ever want (Super + W, Alt + Tab, Alt + Drag, Super + Direction) and it’s working very well for me.

4) Security

I don’t really worry too much about my personal computer’s security. I compile a PaX/grsec kernel because I can; that’s literally 99% of the reason I do it. But it’s because I can do that that I feel more secure on Linux. AppArmor doesn’t have anything similar on Windows; AppContainer might possibly change this.

5) Updates

Windows is such a pain in the ass to update. Update Flash, update Java, update my browser, update Skype, update Pidgin – all of this has to be done individually, and it’s a pain. On Linux it’s all handled automatically, which makes for a much easier and more secure time.

These are only a few of the reasons I chose Linux. There are a thousand little reasons. I keep Windows around for games and a few other reasons but I rarely boot into it.

I’m Back On Windows

It’s a bit of a long story, but I’ve completely screwed up my Ubuntu partition. I reformatted it and all was going well until I hit ATI driver issues, which I just don’t feel like dealing with.

It’s not really a Linux issue… it’s just a “tired of getting my computer to work” issue. Honestly, Ubuntu has been amazing and I feel it’s significantly more secure than Windows. It’s been really easy to use up until now – I just don’t feel like dealing with it.

I’m just gonna make do on Windows 8 for a while and I won’t think too hard about the lack of proper MAC.

One Of Those Nights – Descent Into Gentoo

So I’ve decided to finally install Gentoo Linux. I’m unsure how much I’ll like it; I can’t use Unity, which is a bit annoying since that’s the only reason I’m on Ubuntu.

I’m currently backing up about 100GB of data, as I think it’s very likely that I’ll end up wiping my entire disk by accident and having to reinstall. Hopefully it isn’t a huge pain to get it done. It will definitely take hours, if only because I still have at least 1 hour left of backing up.

Still, it should be a learning experience.

edit: Ah hell. Finally finished backing up. Now shrinking and formatting. This is going to take forever. But in the end I get a fully optimized and hardened build with only exactly what I want on it.

edit2: Now to format the unallocated space.

edit3: Compiling my hardened kernel. Hopefully this wasn’t all a waste.

edit4: It wasn’t just a waste! It was a waste and then some. I now have some seriously screwed up partitioning and I had to reinstall Ubuntu (wtf? lol) so… I’m unhappy about this lol. I think I can salvage it though…

Chris Pirillo’s Dad Using Windows 8 / Ubuntu 12.04 / OSX For The First Time

Windows 8

http://www.youtube.com/watch?v=v4boTbv9_nU

Mac OSX

http://www.youtube.com/watch?v=XeeOkHjV7nM

Ubuntu 12

https://www.youtube.com/watch?v=ltE_ekc8kE8


He does pretty well with Unity; he’d definitely like the workspace switcher if he could figure it out. He gets right away how to launch programs and switch between workspaces and his desktop UI.

With Windows 8 he’s completely lost.

Ubuntu Developer Responds To SecureBoot

I’ll preface by saying that this is not an official statement on behalf of Canonical as far as I know, simply a post on /r/ubuntu. The user is the Ubuntu Community Manager, and his post about SecureBoot pretty much sums up my own opinions.

His post in its entirety:

I think we would all agree that this is terrible that Microsoft are putting other Operating Systems in a position where either (1) they have to sign keys to boot, or (2) we have to ask users to switch off something in their BIOS that has “secure” in the title.

While malware is indeed a threat, and quite nasty, I would have preferred to have seen a means in which a solution can be found that is not controlled by a large corporation who themselves have an Operating System product.

From an Ubuntu perspective, we are going to do everything that we can to ensure our OS boots on the widest range of hardware possible, and the story that Matthew Garrett tells is similar to our experiences in the Ubuntu world. Matthew’s story, and the challenges he has explored are not specific to Fedora, but to all Linux distributions.

I think the problem Microsoft is trying to solve is admirable… malware at that lower level is dangerous, but I think the solution is putting companies like Canonical and Red Hat in a tough spot. [1]

This hits the nail on the head, really. Microsoft is trying to solve a problem, and that’s great, but in doing so they are putting distros and Linux users in a difficult place. As he says, it’s now a matter of supporting SecureBoot and paying VeriSign, or asking users to disable a security feature.

I Am Unsatisfied With The State Of Security

I’m running Ubuntu Linux, which I have patched up and locked down in various ways, but I’m still unsatisfied with the level of security provided to me.

While my system is heavily protected against exploits, it does nothing to stop me from being an idiot. Yeah, I can browse a website with a vulnerability without worry, but I can’t download malware and install it. That’s what I want. I want to be able to download malware, install it, and still be secure.

Is that too much to ask for?

I can think of at least one security model that would protect a user from themselves without restricting the user’s abilities. It’s hard to imagine that I’m the only one who’s thought of it.