Dear CUUG members and friends,
Our May meeting will feature Theo de Raadt explaining the openBSD pledge
"better than sandboxing" concept.
**** Please note that May 24 is the 4th Tuesday of May, not the last one.
Non CUUG members remain welcome and must RSVP to off...@cuug.ab.ca
no less than 48 hours in advance or pay $10 at the door.
Regards,
Chris Aziz
CUUG President
May General Meeting
Better than a sandbox, safer than a jail, it's ... Pledge
Speaker: Theo de Raadt, Founder, OpenBSD <http://www.openbsd.org/>
Pledge is a new way of constructing security policy in programs:
* study the program
* figure out what it does
* when you determine /all/ the system calls that will be called in the future
* promise those are the only operations needed!
Pledge is an OpenBSD system function that uses a design pattern to split a program into processes performing different
sub-functions. Each process is designed to operate in a separate security domain. Processes cooperate over pipes using
some protocol. This is a refinement of the "sandboxing" concept.
Pledge forces a process into a restricted-service operating mode. A few subsets are available, roughly described as
computation, memory management, read-write operations on file descriptors, opening of files, networking. In general,
these modes were selected by studying the operation of many programs using libc and other such interfaces, and setting
promises or paths.
Use of pledge() in an application will require at least some study and understanding of the interfaces called.
Subsequent calls to pledge() can reduce the abilities further, but abilities can never be regained.
Theo de Raadt is widely recognized as a world class security expert. In October 1995, Theo founded the OpenBSD project.
OpenBSD is the most secure of the publicly available operating systems.
In 1999, Theo created OpenSSH with other members of OpenBSD. It is now incorporated into all Unix systems plus hundreds
of other network enabled products. It has become the most "vendor re-used" piece of open source software, with more than
95% of the SSH market.
Theo was awarded the Free Software Foundation's 2004 Award for the Advancement of Free Software, for recognition as
founder and project leader of the OpenBSD and OpenSSH projects. His work has also led to significant contributions to
other BSD distributions and GNU/Linux. Of particular note is Theo's work on OpenSSH, his leadership of OpenBSD, his
commitment to Free Software and his advancement of network security.
Theo is also well known for his advocacy of free software drivers. He has long been critical of developers of Linux and
other free platforms for their tolerance of non-free drivers and acceptance of non-disclosure agreements.
Tillyard Conference Centre
715 - 5 Ave. S.W.
5:30 PM, Tuesday, May 24, 2016
/Note that this is the *fourth* Tuesday of May (not the last Tuesday)./
Snacks at 17:30. Meeting begins at 18:00.
/Building doors are locked at 18:00, so please try to arrive early./
There is $2 parking after 16:00 across the street in the underground parkade
(McDougall Centre).
*Non CUUG members are welcome but now must RSVP to office <http://www.cuug.ab.ca/CUUGsite99mar/nospam.html> at CUUG no
less than 48 hours prior to the meeting or pay $10 at the door. *
_______________________________________________
clug-talk mailing list
clug-talk@clug.ca
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
