20 Mar
2011
20 Mar
'11
10:17 p.m.
Hello RoS developers,
I introduce myself. I'm Guillaume Touron, I'm a French engineering student
at National School of Computer Science and Applied Mathematics with
specialization in information systems and security. Apart from my studies I
am interested in OS development, Windows internals and application security
(vulnerabilities, reverse engineering, rootkits...). I read a lot about how
Windows internals work (kernel data structures...) and Windows security. I
have also some experience in NT driver development and kernel debugger
(WinDBG).
For many months now, I study RoS source code, and especially ntoskrnl
source. This includes object manager, i/o manager, security layer,
traps/exceptions management... I checkouted source code and installed RoS
build environment and I'm ready to begin development. I also took a look at
Se* kernel exported APIs, and tried to understand how security checks were
performed. That's why I'm interested in RoS GSoC Idea 'Security
Controls'.
Indeed, implementing this feature would be a good start to add multiuser
experience in RoS which is currently missing, and to manage efficiently
users and groups. I think I know what is needed to complete this project
successfully and I'm ready to write a detailed presentation/proposal to
explain what I understand and what would be my goals. I also did GSoC 2010
last year for Honeynet Project on network security area, but I'm more
interested in kernel development.
Finally, few questions : What should I do to propose in a formal way my
proposal to RoS community ? Is it an obligation to have already send some
patches or can we begin development as a new contributor ? Who can I
contact to speak about technical details ?
Thank you very much.
21 Mar
21 Mar
12:44 a.m.
Hi and welcome here Guillaume,
the background you bring with you here just sounds really promising.
If you are interested in kernel security, you may also have a look to the KSecDD driver
which also provides security components at kernel mode level. You can find some
information in the paper the NIST wrote.
Anyway, let's directly jump to your questions:
Finally, few questions : What should I do to propose
in a formal way my
proposal to RoS community ?
When sending your application for GSoC, you can either
choose a subject from the ReactOS Foundation and purpose a new one. At that time, feel
free to do so. Just ensure your project is "realistic" and that someone may
mentor it.
The best way to ensure that is to join us on ReactOS IRC channel (#reactos //
#reactos-dev) on Freenode to discuss that point.
Is it an obligation to have already send some patches
or can we begin development as a new contributor ?
Regarding GSoC, AFAIK, everyone
can send an application.
On the other hand, if you want to become a regular ReactOS dev, then you first have to
send several patches.
Who can I contact to speak about technical details ?
Well, there are several people you may contact. Regarding GSoC itself, and all the
procedures, you might contact our GSoC administrator: Ged Murphy.
Regarding security in kernel mode, and more specifically Se* package, you might contact
Eric Kohl, a dev who is working on it.
Finally, if you want to discuss about the ReactOS kernel or whatever else but in French,
don't hesitate to summon me ;-).
Regards,
P. Schweitzer
10:27 a.m.
Hi and welcome here Guillaume,
the background you bring with you here just sounds really promising.
If you are interested in kernel security, you may also have a look to
the
KSecDD driver which also provides security components
at kernel mode
level.
You can find some information in the paper the NIST
wrote.
Ok I found it, seems very interesting, I'm going to take a look at.
When sending your application for GSoC, you can either
choose a subject
from
the ReactOS Foundation and purpose a new one. At that
time, feel free to
do so.
Just ensure your project is "realistic" and
that someone may mentor it.
Actually, I'm interested on 'Security Controls' idea from your GSoC idea
page.
I want to focus on it and write a strong proposal, that's why I want to
talk about
technical details.
The best way to ensure that is to join us on ReactOS
IRC channel
(#reactos // #reactos-dev) on Freenode to discuss that point.
Yes, my nickname is Taron__ :)
Who can I contact to speak about technical details ?
Well, there are several people you may contact. Regarding GSoC itself,
and
all the procedures, you might contact our GSoC
administrator: Ged
Murphy.
Regarding security in kernel mode, and more
specifically Se* package,
you
might contact Eric Kohl, a dev who is working on it.
One of your developers sent my address to him, I'm waiting for his anwser
now :)
Finally, if you want to discuss about the ReactOS
kernel or whatever
else
but in French, don't hesitate to summon me ;-).
Great ^^
Thank you
10:10 a.m.
Hi Guillaume,
I gathered from your overview that you're interested in working exclusively
on the executive component in the kernel, otherwise known as the Security
Reference Monitor (SRM). Is that correct or do you also want to work on user
accounts?
Assuming so, do you plan on working on a specific area within this or
working on the component as a whole?
As you've probably seen, it has basic functionality, but some areas are
either incomplete or missing entirely.
A good example of this is the LSA stuff, I think Eric is working on this
area, but he seems to be concentrating on the usermode side of things so
maybe this would work out well.
Regarding your questions:
- to propose your project you should fill out an application form which is
available via the GSoC website under our organization link. We can help you
with filing this out if required.
- It's not an obligation to provide patches when applying for a student
position, although it would very much go in your favour if you did as it
would allow us to confirm the skills you suggest.
- You can use this mailing list to speak about technical details, you have
the best coverage here. Alternatively if you wanted a more private
discussion, you could email myself or Aleksey Bragin
You can find more information here :
http://www.reactos.org/wiki/People_of_ReactOS
Regards,
Ged Murphy.
-----Original Message-----
From: ros-dev-bounces(a)reactos.org [mailto:ros-dev-bounces@reactos.org] On
Behalf Of Guillaume Touron
Sent: 20 March 2011 22:18
To: ros-dev(a)reactos.org
Subject: [ros-dev] 'Security Controls' GSoC Idea
Hello RoS developers,
I introduce myself. I'm Guillaume Touron, I'm a French engineering student
at National School of Computer Science and Applied Mathematics with
specialization in information systems and security. Apart from my studies I
am interested in OS development, Windows internals and application security
(vulnerabilities, reverse engineering, rootkits...). I read a lot about how
Windows internals work (kernel data structures...) and Windows security. I
have also some experience in NT driver development and kernel debugger
(WinDBG).
For many months now, I study RoS source code, and especially ntoskrnl
source. This includes object manager, i/o manager, security layer,
traps/exceptions management... I checkouted source code and installed RoS
build environment and I'm ready to begin development. I also took a look at
Se* kernel exported APIs, and tried to understand how security checks were
performed. That's why I'm interested in RoS GSoC Idea 'Security
Controls'.
Indeed, implementing this feature would be a good start to add multiuser
experience in RoS which is currently missing, and to manage efficiently
users and groups. I think I know what is needed to complete this project
successfully and I'm ready to write a detailed presentation/proposal to
explain what I understand and what would be my goals. I also did GSoC 2010
last year for Honeynet Project on network security area, but I'm more
interested in kernel development.
Finally, few questions : What should I do to propose in a formal way my
proposal to RoS community ? Is it an obligation to have already send some
patches or can we begin development as a new contributor ? Who can I
contact to speak about technical details ?
Thank you very much.
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev
10:45 a.m.
Hi Guillaume,
Hello
I gathered from your overview that you're
interested in working
exclusively
on the executive component in the kernel, otherwise
known as the
Security
Reference Monitor (SRM). Is that correct or do you
also want to work on
user accounts?
By reading the entry 'Security Controls' at:
http://www.reactos.org/wiki/Google_Summer_of_Code_2011_Ideas#Security_Contr…
I assume that some implementation is missing in SRM for multiuser support,
am I right ?
Then, I do not know what working on user accounts apply exactly, that's
why I would like to talk
with developers who worked on this area in order to get a better overview.
Assuming so, do you plan on working on a specific area
within this or
working on the component as a whole?
As you've probably seen, it has basic functionality, but some areas are
either incomplete or missing entirely.
Again I think it depends on what is actually missing in RoS for multiuser
security controls.
I can talk about it with others developers.
Regarding your questions:
- to propose your project you should fill out an application form which
is
available via the GSoC website under our organization
link. We can help
you
with filing this out if required.
Ok.
- It's not an obligation to provide patches when
applying for a student
position, although it would very much go in your favour if you did as it
would allow us to confirm the skills you suggest.
Are there specific bugs I could try to fix ?
- You can use this mailing list to speak about
technical details, you
have
the best coverage here. Alternatively if you wanted a
more private
discussion, you could email myself or Aleksey Bragin
You can find more information here :
http://www.reactos.org/wiki/People_of_ReactOS
Regards,
Ged Murphy.
Thank you very much!
1:55 p.m.
The Security Control idea was intentionally broad because ROS is missing
quite a few things with respect to security. It can be used as a basis for
"I want to work on OS security in ROS" but you will need to refine which
part of OS security in your proposal. Ged seems to be pointing you in the
right direction though based on your stated interests.
On Mon, Mar 21, 2011 at 5:45 AM, Guillaume Touron <
guillaume.touron(a)ensimag.fr> wrote:
Hi Guillaume,
Hello
I gathered from your overview that you're
interested in working
exclusively
on the executive component in the kernel,
otherwise known as the
Security
Reference Monitor (SRM). Is that correct or do
you also want to work on
user accounts?
By reading the entry 'Security Controls' at:
http://www.reactos.org/wiki/Google_Summer_of_Code_2011_Ideas#Security_Contr…
I assume that some implementation is missing in SRM for multiuser support,
am I right ?
Then, I do not know what working on user accounts apply exactly, that's
why I would like to talk
with developers who worked on this area in order to get a better overview.
Assuming so, do you plan on working on a specific
area within this or
working on the component as a whole?
As you've probably seen, it has basic functionality, but some areas are
either incomplete or missing entirely.
Again I think it depends on what is actually missing in RoS for multiuser
security controls.
I can talk about it with others developers.
Regarding your questions:
- to propose your project you should fill out an application form which
is
available via the GSoC website under our
organization link. We can help
you
with filing this out if required.
Ok.
- It's not an obligation to provide patches
when applying for a student
position, although it would very much go in your favour if you did as it
would allow us to confirm the skills you suggest.
Are there specific bugs I could try to fix ?
- You can use this mailing list to speak about
technical details, you
have
the best coverage here. Alternatively if you
wanted a more private
discussion, you could email myself or Aleksey Bragin
You can find more information here :
http://www.reactos.org/wiki/People_of_ReactOS
Regards,
Ged Murphy.
Thank you very much!
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev
2:05 p.m.
- It's not
an obligation to provide patches when applying for a student
position, although it would very much go in your favour if you did as it
would allow us to confirm the skills you suggest.
Are there specific bugs I could try to fix ?
9:54 p.m.
When I saw RoS source code, there was some implementation for SRM
(SeAccessCheck & co). Actually, my first idea was to looking for what is
missing in this executive component for multiuser purpose. The best for me
would be to know what exactly is not implemented yet. I talked with
GedMurphy on IRC and he helped a lot. According to him, a standard
implementation already exists. But it needs to be improved a lot before
being multiuser capable. I will take a deep look at existing implementation
on RoS, and compare it to different sources as GedMurphy suggested to me.
Apart the executive component, what other components should be improved ?
Thank you
10:32 p.m.
Just to clarify, I think most of the work in the SRM to support
multiple users is already in place.
This isn't to say that the SRM is complete, it isn't. It's mostly just
token handling and security descriptors which are implemented at the
moment.
We still need support for ACLs and access state.
The current code needs an overhaul to bring it up to the standard of
the rest of the kernel.
Ged.
(SeAccessCheck & co). Actually, my first idea was
to looking for what is
missing in this executive component for multiuser purpose. The best for me
would be to know what exactly is not implemented yet. I talked with
GedMurphy on IRC and he helped a lot. According to him, a standard
implementation already exists. But it needs to be improved a lot before
being multiuser capable. I will take a deep look at existing implementation
on RoS, and compare it to different sources as GedMurphy suggested to me.
Apart the executive component, what other components should be improved ?
Thank you
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev
10:41 a.m.
You can find more information here :
http://www.reactos.org/wiki/People_of_ReactOS
Apologies, that link should have been
http://www.reactos.org/wiki/Google_Summer_of_Code_2011
4936
days inactive
4937
days old
9 comments
4 participants
participants (4)
-
Ged Murphy -
Guillaume Touron -
Pierre Schweitzer -
Zachary Gorden