Chandan chandanlog(3C)
or sayings of an hearer
or A Blog of a Security Engineer
or The Official Online Journal of Chief Executive Prankster, Sun Microsystems Inc.,

All (Archive) | General | Solaris | Security | Art | About | | 		General Solaris Security Art
« LiveSystem! See the... | Main | ZFS I am impressed! »
16 Dec 2005 Security Ideas for Solaris University Challenge Contest
Here are some security ideas that come to my mind to suggest for Solaris 10 University Challenge Contest.
  1. Come up with an exploit prevention mechanism, may be using DTrace. For eg. assume a new security vulnerability is discovered in Apache, before patches are available for Apache, your mechanism would prevent Apache from being exploited, if there is an attempted exploit. You may use some "Process Destructive Actions" in DTrace or you may do something more innovate and less harmful.
  2. Write a modern fuzz for OpenSolaris, that may parse SGML man pages, automatically figures out command line args, environmental variables, or use DTarce to dynamically find these. It could also fuzz library calls and system calls. It could do many more tests like giving large arguments, large environments, large and random files as input. Whether you win the university challenge or not, you will certainly be hero in the eyes of security community. You would also get a totally worthless but sincere acknowledgment in our Security Sun Alerts.
  3. Use the concepts of LiveSystem to visualize security roles, profiles(1) auths(1) user_attr(4) and privileges(5) and other security features in Solaris 10. This configuration is currently spread over multiple files and difficult to get the big picture.
  4. Create a "system integrity verification OpenSolaris liveCD" that, boots from a CD, detects any Solaris 10 instances on the hard disk, then verifies the Solaris ELF signatures of system binaries using elfsign(1) verify, and reports a summary if it found anything tampered. Could be useful if you suspect your system was compromised


    5. More later as I dig through my notes and home directory...

    Link | Comments [3]

Comments:

Why not add heap guard pages, X^W, stack gap randomization and propolice? These are already used to protect OpenBSD systems, and would be awesome to have integrated into Solaris.

Posted by Matty on December 17, 2005 at 09:39 PM PST #

Good idea. Solaris has features like non executable stack which prevents stack execution. Its least privileges also mitigate privilege escalation.

Stack overflows are not the only things that keep me awake at night. If you count some recent Security Sun Alerts, stack issues are small. DTrace provides a very general purpose solution for any known exploit prevention even though it may not have been designed with that in mind. It can kill an attacker just before he can even knock the door. Also it is easy to set it up to do so.

Posted by Chandan on December 18, 2005 at 12:17 AM PST #

But I it already read very good ideas.

Posted by Met Frost on December 18, 2005 at 02:36 AM PST #

Post a Comment:

Comments are closed for this entry.

« LiveSystem! See the... | Main | ZFS I am impressed! »

Copyright (cc) 2004-2006 by Chandan chandanlog(3C): Security Ideas for Solaris University Challenge Contest