Securing the Programmer

Susan Sons — Tue, 13 Sep 2016 13:00:00 +0000

I have a favorite saying: "If you are a systems administrator, you have the keys to the kingdom. If you are an open-source programmer, you don't know which or how many kingdoms you have the keys to." We send our programs out into the world to be run by anyone for any purpose. Think about that: by anyone, for any purpose. Your code might be running in a nuclear reactor right now, or on a missile system or on a medical device, and no one told you. This is not conjecture; this is everyday reality. Case in point: the US Army installed gpsd on all armor (tanks, armored personnel carriers and up-armored Humvees) without telling its developers.

This article focuses on the needs of infrastructure software developers—that is, developers of anything that runs as root, has a security function, keeps the Internet as a whole working or is life-critical. Of course, one never knows where one's software will be run or under what circumstances, so feel free to follow this advice even if all you maintain is a toddler login manager. This article also covers basic security concepts and hygiene: how to think about security needs and how to keep your development system in good shape to reduce the risk of major computing security mishaps.

This guide isn't going to teach you everything about security. It will give you an idea of what to do, but in many cases, you'll need to rely on man pages and other documentation to get the "how". I did that both for brevity and to ensure that this article covers various Linux distributions equally and without becoming out of date in a matter of weeks.

I chose the controls here carefully. It is the set of controls that is consistently available across Linux distributions, realistic for developers to maintain even if they are developing open-source software as a side project and can't put many hours into it. It's maintainable without extensive training and has highest impact for the security of the software being developed. All of those things are judgment calls, and I welcome debate about them. The goal of this guide is not "ultimate security" or the fabled "uncrackable system". It is to raise the bar for security hygiene among open-source infrastructure software developers significantly from where it is right now.

I'd love to find that, in a year from now, we're all much more secure and can iterate on our standards again. In my perfect world, I write this article every spring, we all up our game a notch, and the following spring, we are prepared to make the jobs of ransomware developers, spammers, oppressive governments, corporate spies and so on even harder than before.

Go to Full Article

March 2015 Issue of Linux Journal: System Administration

Shawn Powers — Mon, 02 Mar 2015 16:38:32 +0000

by Shawn Powers

System administration is a very general term. It's our job to fix problems, repair systems and remind people to try power cycling their troubled desktops. We are also responsible for creating systems that don't develop problems, need fewer repairs and run without being power cycled. In an ideal world, system administrators would work themselves out of a job in short order. Thankfully (or unfortunately?), that's not how it goes. We always have problems to fix, and there's always a better way to do what we're doing. Thus, system administration is a vibrant and ever-changing field. This month, we learn how to be better at our jobs, even if the measure of "success" is constantly fluctuating.

Dave Taylor starts off this issue with a continuation of his script-based card game. Designing games with Dave is a great way to become better shell scripters, and so in a very real sense, we can justify playing games at work. Kyle Rankin follows Dave with a nerdier sort of game: trying to replace the proprietary BIOS on a ThinkPad with Libreboot. Coreboot is an open-source BIOS replacement, and Libreboot goes a step further by stripping out all the proprietary code. If you think having a free BIOS with built-in GRUB sounds interesting, you'll want to check out Kyle's column this month.

My personal contribution to the System Administration issue is something I find to be more useful than I ever expected. Android tablets are convenient for things like Wi-Fi sniffing, but they are often unwieldy to carry around. My solution is to convert a cheap pre-paid cell phone into a tiny, pocket-size tablet. If you already have an Android phone, it might be redundant, but for me, a $20 tablet was too hard to pass up. In my column, I give you all the details.

Puppet is an incredible tool for managing the system configurations of multiple nodes. Scott Lackey describes a great tool we can use to store site-specific data more efficiently (and securely). Hiera is a key/value lookup tool that integrates directly with Puppet and makes a great tool even better. If you want to have a clear separation between your sensitive data and the Puppet system that uses it, or if you want to save time by reusing common data, Hiera is a tool any Puppet admin will want to check out.

Go to Full Article