The last NetBSD release I used was 3.0. Since then a couple of security mechanisms have been implemented and improved. In the recently released NetBSD 4.0 these are:
- kauth
- PaX mprotect
- fileassoc
The kernel authorization framework, kauth(9), first appeared in Mac OS X 10.4 Tiger and was later adapted by NetBSD. Rather than hard-wiring a policy, it routes every privileged decision the kernel has to make (may this credential signal that process, change this sysctl, open that device?) through one dispatch point, replacing the suser() checks that used to be scattered through the code. Requests are grouped into scopes (generic, system, process, network and so on); security models written against secmodel(9) register listeners on those scopes, and each listener answers allow, deny or defer, where a single deny overrides any allow and a request nobody allows is refused. Together they function much like other pluggable security frameworks such as Linux Security Modules (LSM); the model shipped in 4.0 is the traditional 4.4BSD one.
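To make the dispatch rule concrete, here is a small userland model of it: a process scope, three listeners in the style of kauth(9) security models, and the deny-wins / needs-one-allow / all-defer-fails-closed evaluation. This is an added example, not NetBSD kernel code; the verdict values mirror sys/kauth.h, the action names and the "hardening" listener are local inventions for illustration, and the sample processes are constructed.

```c
/* Userland model of kauth(9) dispatch: scopes, listeners and the
 * deny-wins / needs-one-allow / all-defer-fails-closed rule. Added example,
 * not NetBSD kernel code; the action names are local constants. */
#include <errno.h>
#include <stdio.h>

/* Listener verdicts (values mirror sys/kauth.h) and two process-scope actions. */
enum { KAUTH_RESULT_ALLOW = 0, KAUTH_RESULT_DENY = 1, KAUTH_RESULT_DEFER = 2 };
enum { KAUTH_PROCESS_SIGNAL = 1, KAUTH_PROCESS_NICE = 2 };
struct kauth_cred { unsigned euid, ruid; };
struct proc { unsigned pid, uid; int nice; };
struct kauth_req {
    const struct kauth_cred *cred;  /* who is asking */
    int action;                     /* what they want to do */
    const struct proc *target;      /* to which process */
    long arg;                       /* signal number or new nice value */
};
typedef int (*kauth_listener_t)(const struct kauth_req *);

#define MAX_LISTENERS 8
struct kauth_scope { const char *name; kauth_listener_t l[MAX_LISTENERS]; int n; };
static int securelevel = 1;   /* consulted by the hardening model below */

/* kauth_listen_scope(9)-style registration. */
static int kauth_listen(struct kauth_scope *s, kauth_listener_t fn)
{
    if (s->n == MAX_LISTENERS)
        return ENOMEM;
    s->l[s->n++] = fn;
    return 0;
}

/* The dispatch rule: one DENY overrides everything; otherwise at least one
 * ALLOW is required; if every listener defers, the request is denied. */
static int kauth_authorize(const struct kauth_scope *s, const struct kauth_req *r)
{
    int fail = 0, allow = 0;
    for (int i = 0; i < s->n; i++) {
        int v = s->l[i](r);
        if (v == KAUTH_RESULT_DENY)
            fail = 1;
        else if (v == KAUTH_RESULT_ALLOW)
            allow = 1;
    }
    return (fail || !allow) ? EPERM : 0;
}

/* secmodel_suser-style: euid 0 is allowed everything, everyone else defers. */
static int suser_listener(const struct kauth_req *r)
{
    return r->cred->euid == 0 ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER;
}

/* Classic 4.4BSD ownership rules for the process scope. */
static int bsd44_process_listener(const struct kauth_req *r)
{
    int owner = r->cred->ruid == r->target->uid || r->cred->euid == r->target->uid;
    switch (r->action) {
    case KAUTH_PROCESS_SIGNAL:
        return owner ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER;
    case KAUTH_PROCESS_NICE:   /* owners may only lower priority (raise nice) */
        return (owner && r->arg >= r->target->nice) ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER;
    default:
        return KAUTH_RESULT_DEFER;
    }
}

/* Hypothetical hardening model (not one NetBSD ships): once securelevel > 0,
 * nobody, root included, may SIGKILL init. Shows a DENY beating an ALLOW. */
static int hardening_listener(const struct kauth_req *r)
{
    if (securelevel > 0 && r->action == KAUTH_PROCESS_SIGNAL &&
        r->target->pid == 1 && r->arg == 9)
        return KAUTH_RESULT_DENY;
    return KAUTH_RESULT_DEFER;
}

static struct kauth_scope process_scope = { "org.netbsd.kauth.process", {0}, 0 };
/* Constructed sample processes: init, a user's shell, a root-owned daemon. */
static const struct proc init_proc = {1, 0, 0}, user_proc = {4242, 1000, 0}, root_daemon = {77, 0, 0};

/* Register the three models on first use, then authorize one request. */
static int authorize(unsigned euid, unsigned ruid, int action, const struct proc *t, long arg)
{
    if (process_scope.n == 0) {
        kauth_listen(&process_scope, suser_listener);
        kauth_listen(&process_scope, bsd44_process_listener);
        kauth_listen(&process_scope, hardening_listener);
    }
    struct kauth_cred c = { euid, ruid };
    struct kauth_req r = { &c, action, t, arg };
    return kauth_authorize(&process_scope, &r);
}

int main(void)
{
    printf("root SIGKILL init:            %s\n", authorize(0, 0, KAUTH_PROCESS_SIGNAL, &init_proc, 9) ? "EPERM" : "ok");
    printf("uid 1000 SIGTERM root daemon: %s\n", authorize(1000, 1000, KAUTH_PROCESS_SIGNAL, &root_daemon, 15) ? "EPERM" : "ok");
    printf("uid 1000 renice -5 own shell: %s\n", authorize(1000, 1000, KAUTH_PROCESS_NICE, &user_proc, -5) ? "EPERM" : "ok");
    return 0;
}
```

The point to take from the model is the composition rule: the suser listener happily allows root to SIGKILL init, yet the request still fails because one listener denied it, and a non-owner's request fails even though no listener actively denied it, because nobody allowed it. Adding a policy is a matter of registering another listener, not of editing the callers.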
NetBSD has implemented mprotect(2) restrictions modelled on PaX. Non-executable data pages stop an attacker from running code injected into the stack or heap, but NX on its own is of limited value if mprotect(2) is unrestricted: after injecting a payload into a writable page the attacker can return into mprotect(2), mark that page executable and then jump to it, bypassing the so-called NX protection. PaX MPROTECT closes this hole by fixing, when a mapping is created, what it may ever become: a writable mapping can never gain PROT_EXEC and an executable mapping can never gain PROT_WRITE, so the RW-then-RX flip fails with EACCES. It is switched on per binary with paxctl(8) (+m/-m) and governed by the security.pax.mprotect.enabled and security.pax.mprotect.global sysctls. Two caveats: it defeats code injection, not ret-to-libc or other reuse of code that is already mapped executable, so address-space randomization still matters; and programs that legitimately generate code at run time (JITs, some interpreters) will break under it and need to be marked with paxctl -m.
The fileassoc(9) kernel programming interface lets kernel subsystems attach their own metadata to files in a file-system-independent way, keyed on the file's identity rather than on a path name. Veriexec is built on it: veriexecgen(8) computes fingerprints (SHA256 among other digests) of the executables, libraries and scripts you want monitored into a signature file, veriexecctl(8) loads them into the kernel, and the security.veriexec.strict sysctl picks the enforcement level, from a learning mode that only logs mismatches up to a lockdown in which a file whose fingerprint does not match cannot be executed or opened and the monitored files cannot be modified. That is the proactive, Tripwire-like monitor: the check happens in the kernel at exec or open time rather than in a periodic userland scan, so a trojaned binary is refused before it ever runs. The obvious caveat is that fingerprints must be regenerated and reloaded after every legitimate upgrade of a monitored file.
These in-kernel or built-in security features are really useful and cool. Thanks to Elad Efrat's initiative we can take advantage of effective security mechanisms in this great operating system. Looking forward to additional security features and especially a complete PaX implementation.
I also applaud their removal of Sendmail. Quoting Christos Zoulas in the Ars Technica interview:
Sendmail has been, is, and will be a security accident waiting to happen (unless it is rewritten from the ground up with security consciousness). Performing character pointer gymnastics in 50-100 line loops does not create any warm and fuzzy feelings for me. To top this off, most sendmail security issues are marked as confidential, and we are prevented from fixing or mentioning the problem until the ban is lifted. The last time this happened, we said "enough" and removed it altogether before the ban for that particular security issue was lifted.

Now we can say "Of course it runs a secure NetBSD."