BSDCan2017 - 0722d

BSDCan 2017
The Technical BSD Conference

Pierre Pronchery
Day Talks #2 - 10 June - 2017-06-10
Room DMS 1110
Start time 11:15
Duration 01:00
ID 818
Event type Lecture
Track Security
Language used for presentation English

Hardening pkgsrc

Securing packages, 17.000 at a time

pkgsrc is a package management system, providing over 17.000 packages today. Even though it originates from the NetBSD Project, it supports many other platforms, even as the official source for packages for some of them.

A key feature of pkgsrc is its ability to abstract the specificities of the host Operating System and build environment away. This versatile, centralized software repository provides a great opportunity to apply, experiment with and maintain security features for a complete software distribution.

While some of the features and mechanisms mentioned in this document are well adopted in the industry, their integration into the pkgsrc project is still in progress. The project should also be able to help with the development of additional innovative techniques, for further hardening of the deployment of pkgsrc for its supported platforms and users.

The pkgsrc project takes particular care of the security of the software it provides. It notably features two distinct teams handling security aspects for the project: the pkgsrc Security Team, and the pkgsrc Release Engineering Group. While the former is mainly in charge of tracking security issues (including the maintenance of a list of known vulnerabilities), the latter actually updates the stable releases, including for security issues. These updates are usually filed by official developers for the project (also known as "pull-up requests").

Regardless of the presence and efficiency of the security management for the project, updates may not reach the users of the software in a timely manner. This is where platform hardening can help mitigating security issues as they occur; thankfully, pkgsrc offers a number of possibilities in this regard:

  • Stack Smashing Protection (SSP)
  • Fortify,
  • Position-Independent Executables (PIE)
  • RELRO,
  • reproducible builds.

This list is not exhaustive, and each feature comes with corresponding challenges. Their effective implementation often implies modifications in the Operating System, as well as in the target software (or its build system). While pkgsrc cannot automatically implement all of these features, it can be used to attempt to enforce them, and even detect where they fail to function. This submission will attempt to explain how, document the current status, and gather ideas for future work in this direction.