I just want to know what security framework Haiku is planned to have.
Is there any planning about implementing any DAC framework (like SELinux or grsec), any buffer overflow prevention tool (like PaX), … in general about security?
If not, what framework would you like to be ported to Haiku?
The Haiku devs are the most likely to be qualified to answer your questions, but most of them do not monitor these forums. Please post a message on the Haiku Development list instead, which you can subscribe to from here:
SELinux sounds way overkill for an OS targeting user-friendliness and simplicity.
PaX, on the other hand, would be a great addition, and a good first security step.
While I’ll bet people currently trying to write malware for Haiku could be counted on, well, zero hands (hello, it’s not even consumer-grade, guys!), most of the vulnerabilities Haiku is exposed to come from its own code or from coding errors in foreign programs.
Having a PaX-like feature would catch those easily, which in turn would help fix serious issues waiting in the shadows…
Plus, who knows, maybe in the future Haiku will be so popular that new malware will show up each day!
For a DAC framework, yes, but for a simpler security feature like PaX, which focuses only on code attacks through shellcode, buffer overruns and the like, you don’t, as it’s totally unrelated to user permissions.
[quote=phoudoin]SELinux sounds way overkill for an OS targeting user-friendliness and simplicity.
PaX, on the other hand, would be a great addition, and a good first security step.
[/quote]
And what’s your opinion about grsecurity? Perhaps it’s easier to manage than SELinux.
In my opinion, perhaps a security framework could be implemented in the core of the system. I know (I watched the Google conference) that you write Haiku in C++. That gives you more power to do it as a library in the OS rather than port an existing security framework. But it’s only a layman’s opinion.
I think a good design could mean that in the future you don’t need to implement more code.
It’s very clear that security plans are for R2 (or even R3), but hey, I just want to know if there are plans for it.
Good luck,
Xan
PS: I want a future with Haiku on many machines (but not malware every day, because it will be the most secure in the world).
If Haiku could deliver a virus-resistant OS by default for the desktop, that could be the killer feature that would drive many people to adopt it.
We should look at object-based capability systems like IBM OS/400 and EROS (now Coyotos).
To say that Haiku won’t have viruses just because very few people will use it… is not such a great attitude to have.
Another thing that I’m surprised I haven’t seen on any OS is a password quality meter to ensure that users come up with good passwords. Firefox has one and there are some websites that have them and won’t let you continue until you come up with a decent one. Type a password that is equal to your user name and you should definitely ‘lose.’