Guillaume Kaddouch wrote a rather fascinating article, SECURITY : OPENBSD VS FREEBSD, that showed up on HN a couple of hours ago. While I found it to be quite an interesting read, I use Linux, not BSD, so I thought it might be useful to see how Linux stacks up (excuse the pun) in terms of similar security features.
Note: I don't have extensive security experience or anything, this is just some quick research I did. Take it with a grain of salt.
I'm going to go ahead and assume you've already read his article, so if you haven't, head over there first.
Since every application uses memory, bugs involving memory tend to occur rather frequently, despite extensive efforts to prevent them. When such bugs exist in a language or library, they become extremely prevalent quickly by spreading "virally" into the applications that utilize them.
Given this, it is critical to mitigate these as best as is possible.
Linux has some ASLR support enabled by default in the kernel, along with two popular patchsets, PaX and Exec Shield, which help mitigate this issue by randomizing the base of the stack when the program is set up.
These have been used to mitigate the problem by popular distributions such as Ubuntu, Fedora and RHEL, and Debian.
There is also support in gcc for stack canaries, which is enabled for all packages in Ubuntu (I have not checked for other distributions). This can aid in protecting against stack smashing.
Mutual Exclusion of Write and Execute Permissions
I couldn't find much data on W^X in Linux, but I was partially relieved to find that the NX bit is used on the stack and heap by default on most distributions, preventing code execution exploits unless areas of memory are manually marked executable from within a program. This especially concerns JITs (SpiderMonkey, V8, Java, etc.) and programs that use them (Firefox, Chrome, Eclipse, respectively), as they dynamically generate executable code at runtime.
Code segments for programs and libraries are loaded in read-only areas of memory, so that appears to be relatively safe.
I covered some of ASLR earlier, but it's also good to note that the major distros also apply ASLR to the heap and any libraries used by the program.
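As an added example (not code from the original post), here is a small Python script that parses the /proc/<pid>/maps format and flags any mapping that is both writable and executable, which is exactly the condition W^X forbids; the embedded sample is constructed to resemble a process that hosts a JIT, with an NX stack and heap and one rwx region.

```python
"""Flag writable-and-executable (W+X) mappings in Linux /proc/<pid>/maps output.
Added example, not part of the original post. The SAMPLE_MAPS text is constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One maps line: "start-end perms offset dev inode [path]"; perms is e.g. "rwxp".
_MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


@dataclass
class Mapping:
    start: int
    end: int
    perms: str  # first three permission chars: r/w/x or '-'
    path: str   # file path, "[stack]", "[heap]" or "" for anonymous memory

    @property
    def wx(self) -> bool:
        return "w" in self.perms and "x" in self.perms


def parse_maps(text: str) -> List[Mapping]:
    """Parse maps text into Mapping objects, skipping blank or unparseable lines."""
    out = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if m:
            out.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                               m["perms"][:3], m["path"].strip()))
    return out


def find_wx(mappings: List[Mapping]) -> List[Mapping]:
    """Return the mappings that violate W^X (writable and executable at once)."""
    return [m for m in mappings if m.wx]


# Constructed sample: PIE binary, NX heap and stack, plus one anonymous rwx JIT region.
SAMPLE_MAPS = """\
55d0c2e00000-55d0c2e01000 r--p 00000000 08:01 1234 /usr/bin/example
55d0c2e01000-55d0c2e02000 r-xp 00001000 08:01 1234 /usr/bin/example
55d0c2e02000-55d0c2e03000 rw-p 00002000 08:01 1234 /usr/bin/example
55d0c4a00000-55d0c4a21000 rw-p 00000000 00:00 0 [heap]
7f3a10000000-7f3a10100000 rwxp 00000000 00:00 0
7ffd5c3e0000-7ffd5c401000 rw-p 00000000 00:00 0 [stack]
"""


def check_self() -> Optional[List[Mapping]]:
    """W+X mappings of the running process, or None where /proc is unavailable."""
    try:
        with open("/proc/self/maps") as f:
            return find_wx(parse_maps(f.read()))
    except OSError:
        return None
```

Run `check_self()` inside a JIT-hosting process (a browser, a JVM) and you will typically see the rwx regions the text refers to; in a plain C program you should see none.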
I don't understand the section on randomness well enough to compare Linux support for the same, so I'm just going to skip that for now. At this point in time, I don't know enough about privilege separation at the OS level to be able to research and write about it, so I'll skip that section too.
Swap does not appear to be encrypted by default on some of the major distros, despite this being easily fixed. Persisting these changes and setting it by default is probably a good idea. Randomly generating a fresh encryption key for each swap file or partition on each reboot might also be a good idea.
Most software on the popular distros still seems to be using OpenSSL. However, the good news is that it appears that OpenSSL is getting some more love recently, so hopefully that will prevent future fiascos like Heartbleed.
Alternatives to OpenSSL, such as Network Security Services (NSS), GnuTLS, and LibTomCrypt (my personal favorite, due to ease of use) seem to be widely available in most distros.
Linux has AppArmor and Security Enhanced Linux (SELinux), both of which appear to have seen extensive and thorough use in many distros.
Hell, even Android uses SELinux.
There is Linux Containers (LXC), which can be used alone or by other software, such as the currently popular Docker. There is also Linux Kernel Virtual Machines (KVM), which appears to have pretty damn good performance.
As containers and virtualization are so readily available with excellent ease of use and performance characteristics, there are few excuses left for security issues caused by a lack of isolation.
I lack the requisite knowledge to write about this topic.
While Linux (both the kernel and as a community) appears to be quite safe and secure for the time being, as always, there are still improvements to be made. The things that stood out the most to me that I believe can be improved upon are:
- W^X Protection in memory - either that needs to be written up more in distro docs/wikis or it needs to be added
- Encrypted Swap - really, this is too simple for distros to be skimping out on in this day and age
Discuss on Hacker News.