Ancestors

Written by Goblin on 2024-10-02 at 16:42

Sometimes people ask me why I like #OpenBSD so much.

Over the weekend, Theo de Raadt, the founder of the whole project, emailed me and my PhD student to say he liked our paper (and that it was 95% correct). We have never interacted with him before, and the paper was published in a tiny workshop and on arXiv. He just stumbled on it.

(1/3)

=> More informations about this toot | More toots from goblin@crispsandwi.ch

Toot

Written by Goblin on 2024-10-02 at 16:56

The (open access) version of the paper is here, if anyone cares. Turns out OpenBSD gets a lot more use of its sandboxing mechanisms in its packages than other OSs (and maybe there's a reason for that…)

https://arxiv.org/abs/2405.06447

(4/3)

Descendants

Written by Ludovic Courtès on 2024-10-02 at 20:31

@goblin On Linux, a more limited form of sandboxing is provided through namespaces (CLONE_NEWNS, unshare, etc.), and that can be used by systemd to isolate services that do not themselves use sandboxing directly:

https://0pointer.de/blog/projects/security.html

Likewise for the Shepherd:

https://guix.gnu.org/en/blog/2017/running-system-services-in-containers/

I suspect the study slightly underestimates use of sandboxing on Linux. WDYT?

=> More informations about this toot | More toots from civodul@toot.aquilenet.fr

Written by Goblin on 2024-10-02 at 20:48

@civodul Yes, definitely. We acknowledge this in the threats to validity. We track system calls made via a limited bunch of APIs and packages that depend on them. The more interesting bit (for me anyway) is what is being sandboxed.

Written by Tariq on 2024-10-02 at 20:47

@goblin

I am overjoyed to see section 7.3 - Usability

Usability should be a top-tier priority when designing security controls.

=> More informations about this toot | More toots from rzeta0@mastodon.social

Written by Goblin on 2024-10-02 at 20:55

@rzeta0 Preaching to the choir! We study developer-centered usability at Bristol. Programmers don't want to make mistakes, but they're as human as the next. Science can help fix the software!

Written by Tariq on 2024-10-02 at 21:01

@goblin

I did my master's in CS at Bristol about 20 years ago!

Written by Goblin on 2024-10-02 at 21:03

@rzeta0 Huh! We probably crossed paths then; I did my undergrad there about that time. It's much the same as it always was, but Mike Fraser’s now the boss and the old purple chairs outside 2.11 are now a bit more rainbow-y!

Written by ed(1) conference on 2024-10-03 at 14:29

@rzeta0 @goblin This is definitely the main reason I tend to employ OpenBSD's pledge/unveil functionality. It's a couple lines of code in most cases (often half of which is boring error-checking). Implementing the same functionalities in the other lockdown frameworks always results in many more lines of code.

=> More informations about this toot | More toots from ed1conf@bsd.network

Written by Jaycie on 2024-10-03 at 19:20

@goblin As someone whose entire tech path was heavily shaped by how OpenBSD happened to be the only UN*X teen xe could get working on a Centris 650, this story could not be more endearing. Thank you.

=> More informations about this toot | More toots from jaycie@tech.lgbt

Proxy Information
Original URL
gemini://mastogem.picasoft.net/thread/113238882077688027