Vulnerability Development mailing list archives

Re: Kill the DOG and win 100 000 DM


From: Jay Tribick <jay.tribick () CARRIER1 NET>
Date: Mon, 6 Nov 2000 01:38:45 +0000

Hi,

The version that they release for free (PitBull Foundation MU 3.0)
installs only on particular releases of Solaris 7 - 10/98 and 8/99
inclusive - which, IIRC, corresponds to stock Sol 7 as first shipped
through to MU3 of Sol 7.   If you install MU 4, or, God forbid, roll on
7_Recommended, you will end up with having to wade through pages and pages
of patch compatibility information to identify if the patch in a
particular revision as you installed it is compatible, or not.

Actually the easiest way to do it without wading through the compatibility
list is to put the patch(es) on first, and then install Pitbull on top (the
Pitbull installation is a set of kernel + user level patches and can be
installed on an already running system.)

This leads me to believe that some of the exploits might still be possible on a
stock install of free PBF MU 3.0 if it is installed according to the 6
double paged installation guide provided on the web site - libc and ttdb
and comsat exploits in particular.

Absolutely - but trusted operating systems aren't cheap, and if the
SAs were clueless he/she wouldn't have deployed it in the first place.

To a certain extent.. you're paying for obscurity :)

I would hope that any SA who's using Pitbull in a commercial environment
is already well aware of both the common exploits that are out there, and
that a system doesn't come secure out-of-the-box. Pitbull is a means to
an end, as is any trusted operating system - it's up to the admin to be
competent enough to secure the box itself, and to be able to configure
all the different aspects/features that the TOS brings to the table.

A TOS is a tool, it allows you to enforce pretty much any security
policy you want to enforce - but you have to have that policy clearly
defined, and you have to know the operating system inside-out... if
your security policies are non-existent, or you expect to be able to
install it and say "ok, this host is secure now" then Pitbull
isn't the answer.

Of course PitBull does provide the patch cluster with their patches
integrated, but I was not cool enough to have a valid username/password
pair for the support section on the commercial Argus site to download them.

I think the argus revolution site is there to promote Pitbull to
people who otherwise wouldn't have access to this kind of OS, and
for us admins who get bored and want to play with something new.. in
the hope that we one day will find a commercial use for it and buy it.

root password is rather useless to give out as even stock Solaris will not
let one log in over the network as that user, same thing is for isso/sa/so
users on PBF MU 3.0, and it's unlikely that there will be any other
accounts.

root doesn't actually have any privileges on a Pitbull system.. he's
just a normal user (out of the box..)

But such publicity stunts are always useful. You get free media exposure
for spending the premium on the insurance (if insured), or DM100,000 *
probability of hack.

As it stands now, the contest is rather rigged, as while the Argus
engineers who configured the system do understand the differences in
privileges between isso, sa, root and so users that PitBull needs, it is
unlikely that this and other security concepts will be fully grasped by an
average SA deploying the B2 level system, and a misconfigured system will
end up providing fake security.

If you're going to the trouble of deploying B-level TOSs in a critical
or at least security aware environment it's not something you do overnight..
to their credit, Argus do provide full training on the system, and they do
help you through the installation and make sure that the security policies
you want to enforce are ported to the system and working correctly.

..if anyone would like Jeff Thompson's talk from Defcon 7 on "Hacking B1
Trusted Operating Systems", send me an email and I'll put it up somewhere.

--
Regards,

Jay Tribick
Senior Systems Engineer
Carrier1
Voice:  +44 207 531 3874