Name: Loganaden Valaydon Velvindron
Email: logana...@gmail.com
Physical address: 88, Avenue de Plevitz, Roches Brunes, Rose-Hill
Phone number (include country and area code): (230) 9762817
Link to BSD work: http://www.freshbsd.org/search?q=loganaden+velvindron

Links to prior code related to this area of work:
ftp://ftp.irisa.fr/pub/OpenBSD/src/lib/libutil/imsg.c
ftp://ftp.irisa.fr/pub/OpenBSD/src/lib/libutil/imsg.h
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/syslogd/syslogd.c.diff?r1=1.64;r2=1.65;f=h
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/syslogd/privsep_fdpass.c?rev=1.7;content-type=text%2Fplain
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/tcpdump/privsep_pcap.c?rev=1.16;content-type=text%2Fplain
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/tcpdump/privsep_fdpass.c?rev=1.7;content-type=text%2Fplain
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/tcpdump/privsep.h?rev=1.7;content-type=text%2Fplain
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/tcpdump/privsep.c?rev=1.30;content-type=text%2Fplain

Breakdown of the work you expect to do each week of the project:

The imsg API is a simple framework that was designed to make it easy to write privilege-separated daemons. It is developed as part of the OpenBSD project. The advantages of the imsg framework are that it is minimalistic in nature and is actively being developed. Other privilege-separation frameworks such as privman are no longer actively maintained and make a number of assumptions that may not apply to all daemons. imsg was developed as a simple and reliable RPC mechanism, and it has been found suitable for implementing privilege separation.

Another approach which is interesting to consider is Postfix: http://www.postfix.org/security.html
Postfix uses separate processes that communicate among themselves. However, this approach requires a significant rewrite from scratch, which may be difficult to complete given our timeframe.
OpenBSD has also been using privilege separation since 2002, and their code is considered very mature.

1st week: We need to import imsg.{c,h} from OpenBSD into DragonflyBSD. Then, we will need to sync with the latest changes in OpenBSD, as some daemons (dhclient, dhcpcd) have moved to the imsg framework. Joerg Sonnenberger & Hasso Tapper already started some of that work but it’s a bit incomplete. A cursory look at privsep.c in dhclient shows that it was last updated in 2008. OpenBSD has been making fixes to privsep.c. Quote from a recent commit message in 2011:

``Dump some useless calls to dhclient-script. i.e. MEDIUM, PREINIT, ARPSEND, ARPCHECK. Drop support for 'media', 'medium' and 'alias' specifications in dhclient.conf. Old leases still parse but these options now have no effect. Be more polite and decline all offers we don't accept. Fix a IMSG length check. ''

If the import causes any conflict with the local patches, the latter will need to be adapted to fit with the imsg framework. In case these 2 conflict, the privilege separation may need to be loosened up a bit. It's important to keep in sync with the latest privsep changes, as subtle bugs are still being found.

As to how to quantify performance, some figures are already available: http://www.citi.umich.edu/u/provos/papers/privsep.pdf
Chapter 6 shows that the performance penalty for the complex ssh daemon was minimal as long as the data that needs to be moved from master to slave process through IPC is small. This will need to be kept in mind when applying privsep to dntpd.

2nd-3rd week: Privilege separate syslogd by importing patches from OpenBSD. syslogd could break when creating new files outside the chrooted directory (/var/log/). The only difference from existing behaviour is that if syslog.conf changes and syslogd receives a HUP, it will re-exec itself and have two new PIDs. A HUP with an unchanged config will make syslogd reopen logfiles as before.
Additionally, it will involve splitting the code, as dflybsd's syslogd is monolithic compared to OpenBSD's syslogd. The tty handling code will need to be moved, as it requires special handling with the RPC. Once the code is properly split, we can start applying privilege separation.

4th-5th week: Privilege separate dntpd from scratch. A look at ntpd in OpenBSD would be interesting, as the latter was designed from scratch and incorporates privilege separation. Logging & DNS will break. The master will need to read the logs and resolve DNS for the slave process. This will involve some strict checks, as the slave process is untrusted. Since the master calls the time system calls (adjtime, settime), a delay is inevitable as those messages are sent through RPC. This has been considered acceptable in openntpd.

6th-9th week: Privilege separate tcpdump. This will probably be the most complicated among the daemons due to the complexity inherent in tcpdump. Patches from OpenBSD are available. DNS & writing to a file using the -W option can break, since tcpdump is chrooted to /var/log/. The master process needs to be able to do the following tasks and send the results through RPC to the slave process: gethostbyaddr, ether_ntohost, getrpcbynumber, getserventries, localtime.

From the commit message in OpenBSD:

Modified files:
usr.sbin/tcpdump: Makefile addrtoname.c addrtoname.h gmt2local.c interface.h print-atalk.c print-cnfp.c print-sunrpc.c print-udp.c tcpdump.c util.c
Added files:
usr.sbin/tcpdump: pf_print_state.c pfctl_osfp.c privsep.c privsep.h privsep_fdpass.c privsep_pcap.c

A lot of rewriting of existing protocol handling is to be expected, and these could break. Testing all those changes is going to be tricky, as protocols such as AppleTalk are no longer popular. Also, we need to check that tcpdump on pf isn't broken by this.

10th (last) week: Commit to -current.

Please list any needed equipment or accounts for your work:

I already have a machine running -current at home.
I’ve already talked to Angelos Oikonomopoulos, who has shown some interest in reviewing the patches. A sane -current & users willing to test the code would certainly help!

--
Brightest day,
Blackest night,
No bug shall escape my sight,
And those who worship evil's mind,
be wary of my powers,
puffy lantern's light !
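
Added example, not part of the original proposal and not OpenBSD's imsg code: a master-side check of the kind the proposal calls "strict checks" on an untrusted slave, including the length check the quoted 2011 commit refers to. The wire format, request names and function names here are hypothetical and stand in for the real imsg header.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical wire format for this example; not OpenBSD's struct imsg_hdr. */
enum { REQ_GETHOSTBYADDR = 1, REQ_LOCALTIME = 2, MAX_REQ = 64 };
struct req_hdr { uint32_t type; uint16_t len; };  /* len = header + payload */
struct req { uint32_t type; uint8_t addr[16]; size_t addrlen; int64_t when; };

/* Master side: validate one frame read from the untrusted slave.
 * Returns 0 and fills *out, or -1 if the frame must be dropped. */
int master_parse(const uint8_t *buf, size_t got, struct req *out) {
    struct req_hdr h;
    size_t plen;
    if (got < sizeof(h) || got > MAX_REQ) return -1;  /* short or oversized */
    memcpy(&h, buf, sizeof(h));          /* copy out: buf may be unaligned */
    if ((size_t)h.len != got) return -1; /* claimed length != bytes received */
    plen = got - sizeof(h);
    memset(out, 0, sizeof(*out));
    out->type = h.type;
    switch (h.type) {
    case REQ_GETHOSTBYADDR:              /* payload: raw IPv4 or IPv6 address */
        if (plen != 4 && plen != 16) return -1;
        memcpy(out->addr, buf + sizeof(h), plen);
        out->addrlen = plen;
        return 0;
    case REQ_LOCALTIME:                  /* payload: one 64-bit timestamp */
        if (plen != sizeof(out->when)) return -1;
        memcpy(&out->when, buf + sizeof(h), plen);
        return 0;
    }
    return -1;                           /* unknown request type */
}

/* Build a constructed sample frame; 'claimed' lets a caller lie about len. */
size_t make_frame(uint8_t *buf, uint32_t type, uint16_t claimed,
                  const void *payload, size_t plen) {
    struct req_hdr h = { type, claimed };
    memcpy(buf, &h, sizeof(h));
    memcpy(buf + sizeof(h), payload, plen);
    return sizeof(h) + plen;
}

int main(void) {
    uint8_t buf[MAX_REQ], ip[4] = { 192, 0, 2, 1 };  /* constructed sample */
    struct req r;
    size_t n = make_frame(buf, REQ_GETHOSTBYADDR, sizeof(struct req_hdr) + 4, ip, 4);
    printf("honest frame -> %d\n", master_parse(buf, n, &r));
    n = make_frame(buf, REQ_GETHOSTBYADDR, 200, ip, 4);  /* header lies */
    printf("lying length -> %d\n", master_parse(buf, n, &r));
    return 0;
}
```

The master only acts on a request after the claimed length, the bytes actually received and the per-type payload size all agree; anything else is dropped rather than interpreted.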