Haiku Security

Suggestions for security so Haiku doesn’t end up as holed as Windows:

  1. Make every user create a root account and a user account at startup.
  2. Try to adhere to POSIX to prevent viruses from destroying the computer.
  3. How about every program has its own "virtual" memory space (I dunno if this is possible), preventing the programs from interfering with other programs and the core OS files. I.e.:
YYYY:YYYY - [program 2] {end of virtual space} 

XXXX:XXXX - [program 1 (thinks it starts at an earlier number just before a binary interpreter for requesting things the program needs)] {end of virtual space for program 1}

0000:0000 - [OS and servers who may go to any address space]
IBMoid wrote:
Suggestions for security so Haiku doesn't end up as holed as Windows: 1. Make every user create a root account and a user account at startup.

As it's going to be single user for R1, this is going to be rather difficult…

IBMoid wrote:
2. Try to adhere to POSIX to prevent viruses from destroying the computer.

And? What does that have to do to help security? IRIX adhered fairly well to POSIX yet was possibly the least secure OS of its era if not ever. Windows NT has decent POSIX and… you get the picture.

MYOB wrote:
IBMoid wrote:
Suggestions for security so Haiku doesn't end up as holed as Windows: 1. Make every user create a root account and a user account at startup.

As it's going to be single user for R1, this is going to be rather difficult…

IBMoid wrote:
2. Try to adhere to POSIX to prevent viruses from destroying the computer.

And? What does that have to do to help security? IRIX adhered fairly well to POSIX yet was possibly the least secure OS of its era if not ever. Windows NT has decent POSIX and… you get the picture.

Single user shouldn’t matter. Security is security and limited user accounts are one of the simplest ways to protect yourself from anything that can destroy your system files.

That Linux dude was wrong about it being impossible for a virus to affect your system with POSIX. Well, I think it should have some good security measures. A topic at MES got some people interested in BeOS. Security measures in BeOS were pointed out by a few members, notably Limited User accounts.

IBMoid wrote:
MYOB wrote:
IBMoid wrote:
Suggestions for security so Haiku doesn't end up as holed as Windows: 1. Make every user create a root account and a user account at startup.

As it's going to be single user for R1, this is going to be rather difficult…

IBMoid wrote:
2. Try to adhere to POSIX to prevent viruses from destroying the computer.

And? What does that have to do to help security? IRIX adhered fairly well to POSIX yet was possibly the least secure OS of its era if not ever. Windows NT has decent POSIX and… you get the picture.

Single user shouldn’t matter. Security is security and limited user accounts are one of the simplest ways to protect yourself from anything that can destroy your system files.

That Linux dude was wrong about it being impossible for a virus to affect your system with POSIX. Well, I think it should have some good security measures. A topic at MES got some people interested in BeOS. Security measures in BeOS were pointed out by a few members, notably Limited User accounts.

You’re not -quite- getting the concept of "single user". It's not like it's limited to one user with multiple accounts. You are the superuser, the entire time. That's what "single user" refers to.

BeOS has no security measures; and it most certainly doesn’t have limited user accounts. To be compatible with BeOS, Haiku has to stay the same way.

You still haven’t explained what you meant by adhering to POSIX to stop viruses, and now you’ve contradicted yourself.

MYOB wrote:
BeOS has no security measures; and it most certainly doesn't have limited user accounts. To be compatible with BeOS, Haiku has to stay the same way.

Haiku R1, at any rate. Who knows what R2 will bring?

Very basic security could be added for a "protected"/"children" mode in R2.

Blocking users/programs from changing application mimetypes
Having a limited run list in Roster, etc

It’s always something to talk about on the glass elevator (or here), no?

Quote:
You're not -quite- getting the concept of "single user". It's not like it's limited to one user with multiple accounts. You are the superuser, the entire time. That's what "single user" refers to.
That is what I'm suggesting not to do (with R2).
Quote:
You still haven't explained what you meant by adhering to POSIX to stop viruses, and now you've contradicted yourself.
Well, I shouldn't have listened to some bloated zealot on FriHost.
Quote:
Very basic security could be added for a "protected"/"children" mode in R2.

Blocking users/programs from changing application mimetypes
Having a limited run list in Roster, etc

Better than nothing, I guess…

Quote:
It's always something to talk about on the glass elevator (or here), no?
Don't quite understand what you mean...
IBMoid wrote:
Quote:
It's always something to talk about on the glass elevator (or here), no?
Don't quite understand what you mean...

Glass Elevator is a mailing list set aside specifically to discuss Haiku R2 and beyond - it’s much like this "Suggestion Box" forum, except it’s been around longer, and probably has a LOT more traffic.

Oh, well thank you for listening to my suggestions. I will be sure to download Haiku R2 when it finally comes out. :)

I used to think "why do I need multi-user… I’m the only one who touches this PC".
Then I realized, on the net, anyone can be that single user of my PC!
Lots of people with XP Home are basically at root and I don’t think they know how to adjust.

Hmm… Multiuser, POSIX security.

Yeah. Then the virus can’t make my system unbootable (something I can fix in six minutes with a Haiku boot CD), just wipe my home folder (and everything I’ve worked on since last backup).

Sounds lovely to me!

MYOB wrote:
IBMoid wrote:
Suggestions for security so Haiku doesn't end up as holed as Windows: 1. Make every user create a root account and a user account at startup.

As its going to be single user for R1, this is going to be rather difficult…

I wonder if adding a feature in the kernel to ask for a password to change directories/files from read to read/write might be an option.

I see 2 things I would want included.

  1. To change a directory/file from read to read/write, ask for the password and you're done. The directory will be read/write from then on.

  2. If you want to write into, copy, move or delete a read-only directory/file, get prompted for the password and have it set back to read-only again at the end of the process.

I have seen this as a weak spot in some OS’s. The harder it is for something to write into a directory or part of the hard drive when you don’t want it to, the better. Win98 was a classic: any file set to read-only could be changed in the blink of an eye, without you even knowing about it, by any program.

From what I have seen (and I could be wrong), as soon as you log into a root account anything goes again. The login password was the only check to stop being able to do a whole heap of stuff to the drive, yet you might need to go to root to install some programs.

You could still keep it single user but without the option that a program could just write into a read only system directory or over the top of a read only system file by changing it to read/write without a password confirmation.

Just thought of another idea; not sure if anybody will like it or if it would be needed. You could have a system directory as read/write so you could update config files as needed. Have other files as read-only so they cannot be touched, and add another permission to directories so that no new files or directories can be created without the password confirmation. It would tell you if something is trying to write into a system directory that you had to have as read/write because of the config files. I would see it helping to stop something sneaky trying to write into a directory that you had to have set as read/write.

umccullough wrote:
IBMoid wrote:
Glass Elevator is a mailing list set aside specifically to discuss Haiku R2 and beyond - it's much like this "Suggestion Box" forum, except it's been around longer, and probably has a LOT more traffic.

A lot more traffic? Not really…

http://www.bug-br.org.br/pipermail/glasselevator-talk/

IBMOid: Of course, virtual memory is being used in all modern operating systems, check Wikipedia for an article on this if needed.

But I think, you might mean something different. I would also vote for application sandboxing (in addition to user level access control) as a security mechanism, especially since experience on Windows tells us that only the minority of people bother to use different user accounts for working/browsing/etc and installing applications/system maintenance/etc.

I’d imagine it like this: by default an application would only have access to its own program folder and a sub folder of the user’s "documents" folder, that would be assigned to it. If it needs more access, it has to ask the operating system for permission, which in turn would prompt the user to make this decision.

I’d think that would make sense.

what about a firewall?

I am going to respectfully disagree with most of the comments here. I also recognize that, while security is very important, it is not a primary focus in these early days of a partial working system. Still, it’s a good sign that this is getting discussed early on.

I would say that none of the current security features of modern systems are good enough. Haiku should be looking forward at new systems whose goal it is to replace current broken models for ideas and inspiration.

There is no reason for Haiku to stick with old Unix traditions like the ‘root’ account. There is no added security by having an additional all-powerful account. Instead, a single user might have separate roles that have different privileges or perhaps applications could be compartmentalized to achieve better security.

Take a look at Fedora’s security features and the up-and-coming PolicyKit or even take some inspiration from the OLPC project which has some innovative security features. Sure, some of these don’t make sense for Haiku, but it’s important to think creatively about this and get as many ideas as possible.

Another thing that Haiku might face in the future is problems associated with the uniformness of the operating system. This is a familiar problem with Windows XP that some effort was made to fix in Vista. Fedora also tackles this with features like variable reordering.

Some References:

OLPC: http://www.wired.com/news/technology/0,72669-0.html
Fedora Security: http://fedoraproject.org/wiki/Security/Features
PolicyKit: Search Google, there’s not much info on this except in some newsgroups and code repositories. It will make its big debut in Fedora Core 7.

Hello all!!

I’m new here, and I'm very worried about security. I’ve always used Windows XP, so I’m going to give the opinion of a Windows user. After many years of searching, at last I’ve found (I think) the “definitive security tool”. It is called “geswall” and can be downloaded at www.gentlesecurity.com. Basically it adds an additional layer of ACLs at application level. It permits any user to create permissions for any application (independently of user account rights) for accessing folders, services, objects, registry keys, etc. Moreover, it prevents applications from using OLE messages.

The problem? Well, it’s a great tool… but very complicated for a non-advanced user. On the other hand, it’s a lot of work to create permissions for each application on the hard disk!!! Finally, not permitting the use of OLE eliminates a powerful feature of Windows, and some applications could not work properly.

As one said above, I think the definitive security could be reached with automated “sandboxed” apps, which can only access their installation folders, user folder and memory space, and can execute other apps (for example, internet passwords could be saved in the web browser folder, and only the browser can access them). In addition to that, a system folder with non-critical customizations, but only writable with a password; the rest of the system folders could not be accessed by any application, only reinstalled, no more.

As said here, I don’t think multiuser could add “more security” (??). And what if an app containing a trojan is installed, thinking it is reliable? Multiuser is an unnecessary complication; it would be better for anyone to have his own folder protected by a password.

Innovative concepts are necessary to avoid falling into the “virus career”, like Windows. If Win is so widespread, it is because of the ease of use with a root account, but forgetting security; people are so used to reinstalling Win every 15 days that virus creators have no limits. I’ve been using Win XP for 5 years, and have only been infected once, while browsing with a root account. I’ve been more than 3 years without reinstalling the OS and it runs very fast, after a lot of work optimizing it. I haven't used an antivirus for a long time, and have had no problems.

The whole security process should be “automatic”, so that no one needs to worry about viruses, trojans, etc… If Haiku is intended to be a realistic alternative to Windows, it should be as easy as (or even easier than) Windows, and include non-intrusive security concepts.

Regards.

If I understand correctly, are you talking about something like sudo?

I’m personally not a fan of multi-user machines unless there are going to be multiple users. It seems like most folks only ever use but one account, and unless they get badly burned for doing so are unlikely to change. Someone mentioned multiple accounts for different tasks, but folks tend to ignore default extra accounts like NT’s ‘GUEST’. Heck, I still see default accounts/passwords cropping up in systems that’ve been around for years.

Now, I don’t like how Linux has me set up the root account and then tells me to never use it, but denies me the ability to modify my system unless I go root. I think Ubuntu did an okay job with that, by essentially removing root and password prompting for any ‘root’ actions.

Personally, the sudo thing also gets on my nerves, but it’s not bad. I’d kinda like to see a way of verifying the action is coming from the user at their box. See if input is coming from the attached keyboard/mouse, or a secured ‘okay’ list (for system files/scripts to communicate with each other); if it is, trust them. Otherwise, such as a networked connection (telnet, ssh, etc.), or not part of the ‘okay’ list, sudo-type verification. This way I could be working on one machine and still change another on my network; I’d just have to validate myself a lot as I was doing it. Or get out of my Laz-E-Boy, walk to my desk and avoid the password nagging.

Of course that’s no good if you’re worried about physical access to your computer, but if someone has that, all the security in the world won’t really matter.

Just my thoughts.

Haiku without security won’t be taken seriously in any kind of enterprise environment. Without user accounts I’d probably never share a computer that had any personal info on it, which would be my laptop, or desktop.

My two cents.

I didn’t mean to reply to your post but rather to the whole thread.

Hi all,

Would a program analogous to rkhunter on linux be a useful, or even possible addition to Haiku?

Besides actively looking for rootkits, they check that the various /bin’s are up to date and that their MD5 sigs tally with those of the official releases.
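One way to implement the hash-manifest check the post describes, as an added example that is neither Haiku project code nor rkhunter's own: a manifest of digests is recorded from a trusted copy of a directory, and a later run reports modified, missing and unexpected files. The directory tree, file names and contents are constructed for the demo, and SHA-256 is used instead of MD5, which is no longer collision resistant.

```python
"""Baseline integrity check for a directory of binaries (added example).
Records a manifest of per-file digests from a trusted tree and later reports
files that were modified, removed or added. Paths and contents are constructed."""
import hashlib
import os
import tempfile


def file_digest(path, algo="sha256"):
    """Stream the file through the chosen hash so large binaries fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, algo="sha256"):
    """Map relative path -> digest for every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_digest(full, algo)
    return manifest


def verify(root, manifest, algo="sha256"):
    """Compare the tree against a stored manifest.
    Returns (modified, missing, unexpected) as sorted lists of relative paths."""
    current = build_manifest(root, algo)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    return modified, missing, unexpected


def demo():
    """Constructed scenario: baseline a fake 'bin' tree, then alter it."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("ls", b"ELF-ls-v1"), ("ps", b"ELF-ps-v1"), ("sh", b"ELF-sh-v1")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(root)          # trusted baseline
        with open(os.path.join(root, "ps"), "wb") as f:
            f.write(b"ELF-ps-v1-modified")       # one binary changed
        os.remove(os.path.join(root, "sh"))      # one binary removed
        with open(os.path.join(root, "extra"), "wb") as f:
            f.write(b"not-in-baseline")          # one file added
        return verify(root, manifest)


if __name__ == "__main__":
    print(demo())  # -> (['ps'], ['sh'], ['extra'])
```

In practice the manifest must live somewhere the checked system cannot rewrite (read-only media or a separate host), or a tampered tree can simply ship a matching manifest.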

Speaking of security… Will someone look at this? :P Or publish the alpha with a shell account for intruders… xD

http://dev.haiku-os.org/ticket/3776

Regards!