[451] A GNU approach to improving Unix security

Wolfgang Jährling
Moritz Schulte
Language English
Room Saal 2
Time Day 1, 18:00h
Duration 1 hour
[1] http://hurd.gnu.org/
[2] http://www.gnu.org/software/hurd/hurd-paper.html
[3] http://www.gnu.org/software/hurd/auth.html
[4] http://www.eros-os.org/essays/capintro.html
[5] http://www.eros-os.org/essays/ACLSvCaps.html
[6] http://www.nsa.gov/selinux/doc/inevitability/inevitability.html
[7] ftp://alpha.gnu.org/gnu/hurd/contrib/marcus/hurd-server.texi


This talk will explain how the GNU/Hurd operating system maps the usual Unix semantics (as defined by POSIX) to its own security model and attempts to fix many of the flaws in those semantics that continually cause headaches for Unix system administrators. While doing this would be impossible without the advantages of a microkernel design, an important element is certainly the authentication server of the Hurd, which implements a very small yet flexible Remote Procedure Call (RPC) interface.

Various other servers use its facilities to provide, depending on their purposes and needs, either POSIX-compatible behaviour or a very different, security-improving way of dealing with permissions (in the most general sense of the word). These servers include the file systems as well as the password server and the proxy authentication server known as fakeauth. Since all communication between servers and clients is based on Mach ports - or, in the somewhat distant future, on the more generic concept of object handles - this talk will cover their fundamentals as well. Additionally, the talk will answer how all of this relates to access control lists (ACLs), mandatory access control (MAC) and capabilities, which also claim to provide a more flexible and thus more secure way of looking at the issue of permissions.