1. V-1 Security Features in FreeBSD 4.0 M. Warner Losh Timing Solutions, Inc. FreeBSD Security Officer imp@FreeBSD.org http://www.freebsd.org/~imp/japan-00.ppt June 9-10, 2000 JUS/K*BUG Seminars

2. V-2 Road Map to Talk  Introduction  New technical features  New organizational features  A closer look at jail(8)  Q & A

3. V-3 New Technical Features  Jail(8) and chroot(2) enhancements  OpenSSL and OpenSSH  Many vulnerabilities from “ports” corrected  IPv6 and IPSec added  Secure telnet using SRA  New resource limits created  Bug fixes: many DoS issues corrected  ipfilter and ipfw improvements

4. V-4 New Organizational Details  Total system approach to security  Mr. Kris Kennaway is now coordinates “ports” related security issues  Security advisories now issued for “ports”  FreeBSD system administrators members of security-officer ML  FreeBSD Auditing project  Security awareness activism

5. V-5 A Closer Look at Jail(8)  Historical perspective  What is wrong with chroot?  What it adds over chroot(8)  How does jail(8) fix those problems?  A quick example  Where to find more information about jail(8)

6. V-6 Historical Efforts  Chroot jails were constructed to help firewall systems.  Chroot was also used to segregate users from each other on highly secure machines  Chroot environments were used to allow multiple versions of software to run on the same machine unchanged

7. V-7 Problems with chroot(8)  Can obtain or keep references outside of the chroot tree  Superuser still can do everything, including accessing the raw disk and mounting filesystems  Current directory doesn’t change, so it is easy to accidentally contaminate a chroot jail’s environment  Hard to make secure against root

8. V-8 How is jail(2) Different than chroot(2)?  Chroot(2) only changes the root directory  Jail(2) does everything that chroot(2) does, as well as:  Changes directories to the root of the jail  Dilutes superuser abilities while in jail  Adds an IP address for use only by the jail  Restricts what jailed processes can see outside of the jail.  Jailed processes flagged as being in jail

9. V-9 A quick example -- Setting up the tree D=/here/is/the/jail cd /usr/src make hierarchy DESTDIR=$D make obj make depend make all make install DESTDIR=$D cd etc make distribution DESTDIR=$D NO_MAKEDEV=yes cd $D/dev sh MAKEDEV jail cd $D ln -sf dev/null kernel

10. V-10 An Example -- Configuration  Limit network services that listen on all ports: nfs, portmapper, inetd, sendmail, bind, etc  copy /stand/sysinstall to $D/stand/sysinstall  start jail: jail $D my-jail-name 10.0.0.1 /bin/sh  run /stand/sysinstall in jail to configure machine  setup timezone, add accounts, disable network interfaces, etc  exit jail

11. V-11 A quick example -- starting the jail  Add alias to network interface  mount procfs in the jail’s /proc directory  start jail: jail $D my-jail-name 10.0.0.1 /bin/sh /etc/rc &  Let the jail do is thing.  To make this permanent, you’ll need to write a rc.d script to accomplish this on startup.

12. V-12 Problems with jail(8)  Not a complete virtual machine  Large overhead in chroot trees  No management facilities for jailed processes  Can be hard to setup  NFS can get confused in jailed systems

13. V-13 Where can I find more about jail(8)?  Man pages: jail(2), jail(8)  /usr/share/doc/papers/jail.ps  http://people.freebsd.org/~imp/jail.html

14. V-14 Questions and Answers  42 Warner Losh Timing Solutions, Inc. FreeBSD Security Officer imp@FreeBSD.org