Stephanie for OpenBSD 3.6 is released
-------------------------------------
Introduction
------------
Stephanie is an OpenBSD hardening package. It consists of kernel and
userland patches that add several security features when applied. This
version includes:
- Vexec: Verify file integrity before executing/opening it.
- TPE: Prevent untrusted users executing files in untrusted locations.
- Privacy: Privacy extensions, in-kernel and userland.
What's new?
-----------
- Vexec: Mostly rewritten. It now uses hash tables to store data,
giving O(1) performance in the best case and O(n) in the worst case,
where 'n' is the number of inodes that produce the same hash on a
given device.
Noting the recent collision discovery in SHA-0, it's worth
mentioning that Vexec offers 6 hash types (MD5, SHA1, SHA256,
SHA384, SHA512, and RMD160 - all hash types supported by the OpenBSD
3.6 kernel) and its design allows easy extension with new
hash types, if required. (read NEW_HASH)
- Privacy: More privacy features. Namely, there are hooks in netstat,
w, who, last, and finger. The output is filtered according to the
features' status.
- The trustcheck(2) syscall has been removed; interaction with
Stephanie's settings - including the trust status of the current
process - is now done solely using sysctl.
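An added illustration of the lookup cost described in the Vexec item
above; this is not Stephanie's code. The table layout, function names,
and bucket count are assumptions, and the file's digest is taken as
already computed by the caller.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define NBUCKETS 8   /* assumed; kept small so collisions are easy to show */
#define FP_LEN   32  /* length of a SHA256 digest in bytes */

struct fp_entry {    /* one stored fingerprint, chained within its bucket */
    uint32_t ino;
    uint8_t fp[FP_LEN];
    struct fp_entry *next;
};
struct fp_table {    /* hypothetical layout: one table per device */
    uint32_t dev;
    struct fp_entry *bucket[NBUCKETS];
};

static unsigned bucket_of(uint32_t ino) { return ino % NBUCKETS; }

/* Store a fingerprint for an inode; 0 on success, -1 if allocation fails. */
int fp_add(struct fp_table *t, uint32_t ino, const uint8_t *fp)
{
    struct fp_entry *e = malloc(sizeof(*e));
    if (e == NULL) return -1;
    e->ino = ino;
    memcpy(e->fp, fp, FP_LEN);
    e->next = t->bucket[bucket_of(ino)];
    t->bucket[bucket_of(ino)] = e;
    return 0;
}

/* Walk one chain; *steps counts entries visited (1 = best case, n = worst). */
const struct fp_entry *fp_lookup(const struct fp_table *t, uint32_t ino, int *steps)
{
    const struct fp_entry *e;
    *steps = 0;
    for (e = t->bucket[bucket_of(ino)]; e != NULL; e = e->next) {
        (*steps)++;
        if (e->ino == ino) return e;
    }
    return NULL;
}

/* 1 = digest matches, 0 = mismatch, -1 = no fingerprint stored for the inode. */
int fp_verify(const struct fp_table *t, uint32_t ino, const uint8_t *computed)
{
    int steps;
    const struct fp_entry *e = fp_lookup(t, ino, &steps);
    if (e == NULL) return -1;
    return memcmp(e->fp, computed, FP_LEN) == 0;
}
```

The caller decides what a return of -1 means; whether a file without a
stored fingerprint may run is a policy choice this sketch leaves open.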
License
-------
Stephanie for OpenBSD 3.6 is mostly a rewrite. BSD-licensed code from
NetBSD and Brett Lymn is no longer in use, so Stephanie moves to an
ISC-style license, available at
http://ethernet.org/~brian/Stephanie/doc/LICENSE
Download
--------
Stephanie is available at http://ethernet.org/~brian/Stephanie/
Support
-------
Please mail me with any questions, comments, bugs, and feedback in
general. Remember - DO NOT MAIL OPENBSD MAILING LISTS WITH QUESTIONS
ABOUT STEPHANIE! unless you really want to. Anyway, CC me if you do.
Make sure you've read stephanie(7) after installation is complete.
Credits
-------
Stephanie for OpenBSD 3.6 was written and is maintained by br1an. Send
your feedback to <[EMAIL PROTECTED]>.
Thanks to Eli Klein, Rod Cordova, and super.
-b.