Enhance Security

Hi to all,
anyone has thinked to add some advanced features to JNode, to enhance the overall security of the system ?

For example, add a random offset to the base stack and heap at every execution of any application, like in Free BSD or in many other (new) projects for Linux ... this could be relatively simple to add. In this way some types of Exploits could have no effect.

Or to deny the Execute for memory pages (like the PaX project) etc.
Or execute (only some) applications in a chroot'ed environment ... etc.

For some references see here:
http://www.grsecurity.net/
and
http://www.nsa.gov/selinux/

Bye,
Sandro

Exploit first

Maybe we should find ways to exploit this first. I though Java doesn't allow direct access to the memory and so does Jnode. Thus Java / Jnode shouldn't suffer from the problems fixed by the enhancements you mentioned.

Regards.

Sebastian

let's verify

Hi,
are you sure that we can't try to hang a Java application (under JNode, but maybe under other OS is similar) and attach to it some malicious executable code (simple stack overflow attack) ?

And, in JNode we have some Java classes that have access to the Hardware directly, so I could use them to do something ... safe or malicious. So at least I expect to have these classes protected and usable only by some trusted applications (signed by the JNode team for ex.) ...

If under JNode this is not possible, OK we are already trust, but are we sure ? Maybe it's the case to verify ... or to try.

I think that some of the features I said before could be a first step to have a more advanced security.

Bye,
Sandro

To verify, just write new JUnit testcases !

This will allow to say to us and the other : "yes, JNode is secure for this kind of attack. We have tested it."

A specific Security permission should be added for all low levels accesses (all accesses that are not possible with the jdk).

Fabien

Exploiting

Maybe it is possible to manipulate Java applications on normal OSs because they allow you to directly access memory. But Java itself doesn't have a means of directly accessing memory. Since Jnode is implemented in Java (or at least the applications running inside of Jnode) and has no notion of native code you can't express things you cannot express with Java (e.g. no pointers to memory addresses or so).

Jnode has classes that e.g. directly access memory. But these classes are / should not be publicly accessible (e.g. by making those classes protected or package-protected). Alternatively invocations of methods of these classes should require a special Permission.

Of course it is possible that a flaw in the implementation of these security constraints makes it possible to break into the system. But this is also true for the implementation of the suggestions you make and can only be avoided by carefully reviewing the code.

You can never be sure that a system is secure - up to the point when someone successfully attacked it. Then you can be sure it is not (as) secure (as you thought initially).

Sebastian