Join our events mailing list to receive information on CUUG events such as our general meetings, Open House, special guests, etc.
Don't forget to check our other mailing lists too.
May General Meeting
Better than a sandbox, safer than a jail, it's ... Pledge
Speaker: Theo de Raadt, Founder, OpenBSD
Pledge is a new way of constructing security policy in programs:
- study the program
- figure out what it does
- when you determine all the system calls that will be called in the future
- promise those are the only operations needed!
Pledge is an OpenBSD system function that uses a design pattern to split a program into processes performing different sub-functions. Each process is designed to operate in a separate security domain. Processes cooperate over pipes using some protocol. This is a refinement of the "sandboxing" concept.
Pledge forces a process into a restricted-service operating mode. A few subsets are available, roughly described as computation, memory management, read-write operations on file descriptors, opening of files, networking. In general, these modes were selected by studying the operation of many programs using libc and other such interfaces, and setting promises or paths.
Use of pledge() in an application will require at least some study and understanding of the interfaces called. Subsequent calls to pledge() can reduce the abilities further, but abilities can never be regained.
Theo de Raadt is widely recognized as a world class security expert. In October 1995, Theo founded the OpenBSD project. OpenBSD is the most secure of the publicly available operating systems.
In 1999, Theo created OpenSSH with other members of OpenBSD. It is now incorporated into all Unix systems plus hundreds of other network enabled products. It has become the most "vendor re-used" piece of open source software, with more than 95% of the SSH market.
Theo was awarded the Free Software Foundation's 2004 Award for the Advancement of Free Software, for recognition as founder and project leader of the OpenBSD and OpenSSH projects. His work has also led to significant contributions to other BSD distributions and GNU/Linux. Of particular note is Theo's work on OpenSSH, his leadership of OpenBSD, his commitment to Free Software and his advancement of network security.
Theo is also well known for his advocacy of free software drivers. He has long been critical of developers of Linux and other free platforms for their tolerance of non-free drivers and acceptance of non-disclosure agreements.
Tillyard Conference Centre715 - 5 Ave. S.W.
5:30 PM, Tuesday, May 24, 2016Note that this is the fourth Tuesday of May (not the last Tuesday).
Snacks at 17:30. Meeting begins at 18:00.
Building doors are locked at 18:00, so please try to arrive early.
There is $2 parking after 16:00 across the street in the underground parkade (McDougall Centre).
Non CUUG members are welcome but now must RSVP to office at CUUG no less than 48 hours prior to the meeting or pay $10 at the door.