Privilege Drop, Privilege Separation, and Restricted-Service Operating Mode in OpenBSD
canopic jug writes:
OpenBSD developer Florian Obser has written a detailed post on privilege drop, privilege separation, and restricted-service operating mode in OpenBSD. The BSD-derived operating system project, OpenBSD, has been at the forefront of mitigation techniques for decades now. Florian discusses what OpenBSD has now and how it got there, and provides examples.
Prologue
My main focus in OpenBSD is privilege-separated network daemons running in restricted-service operation mode. I gave talks at BSDCan and FOSDEM in the past about how I used these techniques to write slaacd(8) and unwind(8). While I do not think of myself as a one-trick pony, I have written some more: slowcgi(8), rad(8), dhcpleased(8), and gelatod(8). I also wrote the first version of what later turned into resolvd(8).
At one point I claimed that it would take me about a week to transmogrify one daemon into a new one.
Why
Privilege drop, privilege separation, and restricted-service operating mode are exploit mitigations. When an attacker finds a bug, we try to stop them from causing damage. The mitigations we are talking about here are aimed at attackers that have achieved arbitrary code execution. Due to other mitigations, that is quite difficult to pull off. These are the last line of defence. We try to remove as many resources as possible for the attacker to play with, and try to crash the program as quickly as possible if an attacker touches something they are not supposed to.
Read more of this story at SoylentNews.