Internet Security: An Optimist Gropes For Hope - PowerPoint PPT Presentation

About This Presentation

Title:

Internet Security: An Optimist Gropes For Hope

Description:

Most common question from the press: 'Is Internet security getting better or worse? ... if you can crack something offline, it becomes a game of sniff-and-crack ... – PowerPoint PPT presentation

Number of Views:74

Avg rating:3.0/5.0

Slides: 104

Provided by: billch

Category:

more less

Transcript and Presenter's Notes

Title: Internet Security: An Optimist Gropes For Hope

1
Internet Security An Optimist Gropes For Hope

Bill Cheswick, Chief Scientist
Lumeta Corp
ches_at_lumeta.com

2
(No Transcript)
3
Most common question from the press

Is Internet security getting better or worse?

4
Universal Answer

It is getting worse.

5
Why?
6
Aug. 1993

Writing FWAIS first edition
Most people use the Internet for email
The web was in the future
Most attacks were still theoretical

7
In August 1993

Morris sequence number hijack documented in the
80s, but not seen in the wild
Wholesale password sniffing hadnt been seen
No DOS attacks
Windows had no standard TCP stack, so it wasnt a
player
After Morris worm, but worms were scarce
Sendmail had been patched and all was well in the
world (not)

8
CERT advisories 1994

first advisory, released February 3, was a
response to a dramatic increase in network
monitoring by intruders, who were capturing
passwords and installing "back doors" for future
access to systems
attacks increased in a single week from a few
isolated reports to indications that tens of
thousands of systems may have been compromised
Unlike most security incidents, this one received
extensive attention from the media
the CERT team notified an archive site that their
software being readied for distribution had been
modified

9
CERT advisories, 1994

CA-9401 Ongoing Network Monitoring Attacks
CA-9402 Revised Patch for SunOS
/usr/etc/rpm.mountd Vulnerability
CA-9403 AIX Performance Tools Vulnerabilities
CA-9404 SunOS /usr/ucb/rdist Vulnerability
CA-9405 MD5 Checksums SunOS files
CA-9406 Writable /etc/utmp Vulnerability - SunOS
4.1.X
CA-9407 wuarchive ftpd Trojan Horse
CA-9408 ftpd Vulnerabilities- wuarchive and BSDI
ftpd

10
CERT advisories, 1994 (cont.)

CA-9409 /bin/login Vulnerability
CA-9410 IBM AIX bsh Vulnerability
CA-9411 Majordomo Vulnerabilities
CA-9412 Sendmail Vulnerabilities
CA-9413 SGI IRIX Help Vulnerability
CA-9414 Trojan Horse in IRC Client for UNIX
CA-9415 NFS Vulnerabilities

11
Many attacks were theoretical

SYN packet flooding
Mail flooding and similar application overflows
TCP hijacking
Hadnt seen a worm in years
Unix viruses were research topics
Attacks on the TCP/IP stacks
Packet amplification

12
and then they happened

Massive sniffing (1994)
SYN packet DOS attacks (1996)
TCP hijacking (1996)
Ping-of-death (1996?)
Son of crashme
SMURF (1997?)
Massive worm and viral outbreaks
Mellissa, Code Red, etc. etc.

13
There are a lot more players, and on average they
are a lot less secure
14
When I started at the Labs (Dec 1987)

Most of the hosts on the Internet were listed in
a single file named hosts.txt
Most of the systems were various flavors of Unix
or VMS
Most systems had some sort of professional system
administration, at least sometimes
Win98 was ten years away
There wasnt much at stake, perhaps even on
MILNET
MILNET was easy to disconnect, and sometimes was
Well, maybe.
Numerous attacks were theoretical

15
Now, everyone is on the Internet

Grandma has ruined it for all of us
The Internet subway goes to all the bad
neighborhoods
Vast, dangerous software packages with dangerous
capabilities run nearly everywhere
Most of the theoretical attacks are now
implemented and used regularly.

16
Weve been losing ground for decades

Bad guys are figuring out attacks that we have
been waiting for over the years
Very few surprises
Arms races are proceeding on many fronts
Defense has improved slowly, even on systems
where it ought to be easy to improve
System administration is a nightmare
Open research problem

17
Life cycle of a security bug, roughly

It is first discovered
It is first exploited, usually manually
It is announced
A patch is made available
Some people patch the hole
A worm or virus exploits the hole
More people patch it
Eventually the software goes away

18
Yeahbuttal
19
Cost vs. Benefits

If you look at just one of these, you are doing
half the job

20
OTOH, tools we didnt have in 1994

Available, working, distributable crypto
No ssh
Firewalls build it yourself
Stateful inspection had been pondered, but not
available
Want to hack a kernel?
IDS, honey pots, and lots of other tools available

21
Bright spots, now

The crypto export war appears to be over
There are better tools available for some
situations
Ssh
IPsec
Better Linux and Unix systems
Microsoft security initiative
Honeyd and other tools
Unx/Linux/GNU is freely available, and a
reasonable solution

22
I am optimistic. Good security is possible

One can engineer reliable systems out of
unreliable parts
We have the home-field advantage we can choose
to set the rules on our hosts
World-class encryption is now available and cheap
The Bad Guys are giving us lots of practice

23
There are a lot of benefits

Some successful web business models
Fedexpackage progress
Amazon access to the 100,000th book on the best
seller list
Access to vast educational resources
College courses
Research papers in most disciplines
Access to raw data
Better access to government (still spotty at the
local level.)

24
Financial business models are working

On-line banking and brokerage access
Paypal (bismuth)
Internet access is so widely available and used
that the states are starting to tax it
Insurance companies are still reluctant to write
hacking insurance
What does hurricane Andrew look like?

25
And Microsoft
26
What does good security feel like?

Confidence without hubris

27
The Morris worm Nov. 1988

I was running the Bell Labs firewall
Heard about the worm on the radio upon awakening
What was my first reaction?
This is what good security is about

28
Some facts to keep in mind economics

Security is never perfect economic concerns are
always present
What is the value of what we are trying to
protect, and what is our adversary willing to
spend
Miscomputation of this balance is the underlying
cause of security breaches
We are always aiming for good enough, though
good enough has to be good enough

29
Some things we cant fix

We have to engineer around them

30
Social Engineering
Hello, this is Dennis Ritchie calling. Im in
Israel now and I have forgotten my
password. Hello, ltadmin-namegt, Ive
just started work here. ltBoss-namegt said I
should have an account on lttarget-hostgt
31
I need to manage expectations here

The Internet will never be 100 secure. Such
security is not possible
Some problems are over-constrained
Security is always about economics
Good enough is good enough
For many, the Internet is already good enough
Amazon, ebay, fedex, etc. etc.
Viruses, worms, spam arent that bad

32
Software will always have bugs

Perhaps DEK would be interested in working on
inetd, and a web server. A kernel. Heck, the
works
Marcus Ranum couldnt get inetd right in 60 lines
Perhaps formal methods will work some day
Must produce widely-useful morsels of software
Start with the likes of ASN.1 and openssl

33
People pick lousy passwords

Best solution dont let them
Computer-generated keys are held in smart keys,
USB dongles, etc.
Dont allow dictionary attacks on passwords,
password-derived keys, PINS
This means that on-line authentication servers
are neededif you can crack something offline, it
becomes a game of sniff-and-crack

34
Some facts to keep in mind users are not
security experts

Computer systems are fantastically complex even
the experts do not understand all the
interactions
People pick lousy passwords

35
Social Engineering (cont.)
Click here to infect your computer.
36
Another problem with strange programs
37
Managing expectations Denial-of-Service

It is here to stay
Any public service can be abused by the public
There are mitigations, but I dont see full
solutions
Best solution throw hardware at the problem

38
Wireless passwords

G1zmoniq! kkB5cKkn0 pf-itAot?78 Mhr370Chiz YuzTmKm
dugod123 tr.fbgi!
These are mostly POP3 (email) passwords
39
Experts cut corners, too

Fred Grampps password was easily found with a
dictionary attack
Ssh hijacking at conferences
Temporary holes are forgotten

40
I cheated on my authentication test
acct challenge
response ches '00319 Thu Dec 20 153222
2001 ' '23456bcdf.k' OK root '00294 Fri Dec
21 164739 2001 ' 'nj3kdi2jh3yd6fh/' OK ches
'00311 Fri Dec 21 164850 2001 ' '/ldh3g7fgl'
OK ches '00360 Thu Jan 3 125229 2002 '
'jdi38kfj934hdydkf7' OK ches '00416 Fri Jan
4 090202 2002 ' 'jf/l3kf.l2cxn.' OK ches
'00301 Fri Jan 4 132912 2002 '
'j2mdjudurut2jdnch2hdtg3kdjfs'/s' OK ches
'00301 Fri Jan 4 132930 2002 '
'j2mdgfj./m3hd'k4hfz' OK ches '00308 Tue Jan
8 093526 2002 ' '/l6k3jdq,' OK ches '84588
Thu Jan 10 092418 2002 ' 'jf010fk.j' OK ches
'84588 Thu Jan 10 092435 2002 '
'heu212jdg431j/' OK ches '00306 Thu Jan 17
104600 2002 ' 'jfg.bv,vj/,1' OK ches '00309
Fri Jan 18 093709 2002 ' 'no way 1 way is
best!/1' OK ches '00309 Fri Jan 18 093736
2002 ' 'jzw' NO ches '00368 Tue Jan 22
095141 2002 ' '84137405jgf/' OK ches '00368
Tue Jan 22 095156 2002 ' 'k762307924a/q'
OK ches '80276 Fri Feb 1 150018 2002 '
'/,f9gjh,md' OK ches '00165 Wed Feb 6
103700 2002 ' 'jduse7fh.,cf' OK ches '67795
Mon Feb 11 085011 2002 ' 'dbfho1jdh1mdhfg'
OK ches '00164 Thu Feb 14 093716 2002 '
'jpiw8eury3yru8fkdh' OK ches '00164 Thu Feb
14 093734 2002 ' 'm1j4i0kk5'' OK ches
'00167 Mon Feb 18 093406 2002 ' 'dm,c.lv/fl7'
NO ches '77074 Tue Feb 19 090252 2002 ' 'd'
NO ches '77074 Tue Feb 19 090257 2002 '
'hbcg3'd/' OK ches '00158 Wed Feb 20
113324 2002 ' 'ebdj8fjtkd' OK
41
I cheated on my authentication test (cont.)
ches '00156 Thu Feb 21 095832 2002 '
'jdufi46945jhfy37/' OK ches '00210 Thu Feb 21
095912 2002 ' '123456abcdefihjd32/' OK ches
'00163 Mon Feb 25 092430 2002 ' 'd' NO ches
'00163 Mon Feb 25 092435 2002 '
'ozhdkf0ey2k/.,vk0l' OK ches '00154 Tue Feb
26 105448 2002 ' 'j4if9dl/0hgg/' OK ches
'59810 Tue Mar 12 090340 2002 ' '60673h4,dk/'
OK ches '59810 Tue Mar 12 090358 2002 '
'ju607493,l/' OK ches '00156 Tue Mar 12
124112 2002 ' '347 but not 10 or 4/2' OK ches
'00161 Fri Mar 15 094120 2002 '
'/.,kl9djfir' OK ches '00161 Fri Mar 15
094136 2002 ' '3' NO ches '00160 Mon Mar 25
085259 2002 ' '222' OK ches '00160 Mon Mar
25 085309 2002 ' '2272645' OK ches '29709
Mon Apr 1 113634 2002 ' '4' OK ches '87197
Mon Apr 1 114141 2002 ' 'x' NO ches '87197
Mon Apr 1 114149 2002 ' '234jkfd' OK ches
'00162 Wed Apr 3 104358 2002 ' 'zb' NO ches
'45303 Thu Apr 4 105206 2002 ' 'bn' NO cges
'45303 Thu Apr 4 105210 2002 ' '' NO ches
'45303 Thu Apr 4 105215 2002 ' ''zx' NO ches
'45303 Thu Apr 4 105219 2002 ' 'zx' NO ches
'41424 Mon Apr 8 094909 2002 ' 'ab3kdhf'
OK ches '85039 Tue Apr 9 094606 2002 '
'04' OK ches '00154 Tue Apr 9 114116 2002
' '07' OK ches '00160 Tue Apr 16 085829
2002 ' 'jdnfc8djd9dls'/' OK ches '00161 Thu
Apr 18 104910 2002 ' 'x' NO ches '00161 Thu
Apr 18 104914 2002 ' '898for/dklf7d' OK

42
Some principles and tools

Security 101, the slow part of the talk

43
Security strategies

Stay out of the game, if you can
Defense in depth if you have to be in the game
Always, always make it as simple as possible
Design security in from the start it is an
attribute of the infrastructure, not a feature to
be added later

44
Staying out of the game

Best block is not be there Karate Kid 1
Users password and PIN choices are less
important if dictionary attacks are not possible
Mellissa at Lucent
The Unix V7 mailer
Avoiding the monoculture

45
Defense in depth

If you are dealing with imperfect systems,
engineer redundancies to improve the reliability

46
(No Transcript)
47
Secure defaults are important

If you use 10 of the features 90 of the time,
the other features can be disabled
This has long been a problem with Unix systems
Default network services include many dangerous
ones
Most systems still need field-stripping
New Microsoft security initiatives include a
close examination of defaults

48
Security doesnt need to be inconvenient

Modern hotel room keys
Modern car keys

49
Some solutionsHardware tokens

SecureID
time-based
S/Key
software or printout solution
Many others
usually proprietary server software
New USB dongles are just the ticket!

Digital Pathways SNK-004
50
One-time Passwords
RISC/os (inet) Authentication Server. Id?
ches Enter response code for 70202
04432234 Destination? cetus
51
Authentication

or use a USB or PCCard key
You need them for your hotel room and rental car,
and you dont complain about that

52
Principles and tools encryption

Moores law fixed this
We won the crypto wars

53
Encryption is necessary, but not sufficient

Many (most?) attacks arent associated with
wiretaps
IPsec is well-defined, and could be ubiquitous
Microsoft ought to make it the default for their
clients
End-to-end encryption makes the wireless and
Ethernet sniffing problem go away

54
Tools Trusted Computing Base

This is hard, but there are usable solutions out
there
Its debatable whether Microsoft has produced
software yet that deserves to be trusted
Their new security thrust is real, but it is a
huge job

55
Default servicesSGI workstation
ftp stream tcp nowait root
/v/gate/ftpd telnet stream tcp nowait root
/usr/etc/telnetd shell stream tcp
nowait root /usr/etc/rshd login stream tcp
nowait root /usr/etc/rlogind exec
stream tcp nowait root /usr/etc/rexecd
finger stream tcp nowait guest
/usr/etc/fingerd bootp dgram udp wait
root /usr/etc/bootp tftp dgram udp
wait guest /usr/etc/tftpd ntalk dgram
udp wait root /usr/etc/talkd tcpmux
stream tcp nowait root internal echo
stream tcp nowait root internal discard
stream tcp nowait root internal chargen
stream tcp nowait root internal daytime
stream tcp nowait root internal time
stream tcp nowait root internal echo
dgram udp wait root internal discard
dgram udp wait root internal chargen
dgram udp wait root internal daytime
dgram udp wait root internal time
dgram udp wait root internal sgi-dgl
stream tcp nowait root/rcv dgld uucp
stream tcp nowait root
/usr/lib/uucp/uucpd
56
More default services
mountd/1 stream rpc/tcp wait/lc root
rpc.mountd mountd/1 dgram rpc/udp wait/lc
root rpc.mountd sgi_mountd/1 stream rpc/tcp
wait/lc root rpc.mountd sgi_mountd/1 dgram
rpc/udp wait/lc root rpc.mountd rstatd/1-3
dgram rpc/udp wait root rpc.rstatd
walld/1 dgram rpc/udp wait root
rpc.rwalld rusersd/1 dgram rpc/udp wait
root rpc.rusersd rquotad/1 dgram rpc/udp
wait root rpc.rquotad sprayd/1 dgram
rpc/udp wait root rpc.sprayd
bootparam/1 dgram rpc/udp wait root
rpc.bootparamd sgi_videod/1 stream rpc/tcp wait
root ?videod sgi_fam/1 stream
rpc/tcp wait root ?fam
sgi_snoopd/1 stream rpc/tcp wait root
?rpc.snoopd sgi_pcsd/1 dgram rpc/udp wait
root ?cvpcsd sgi_pod/1 stream rpc/tcp
wait root ?podd tcpmux/sgi_scanner
stream tcp nowait root ?scan/net/scannerd tcp
mux/sgi_printer stream tcp nowait root
?print/printerd 9fs stream tcp
nowait root /v/bin/u9fs u9fs webproxy
stream tcp nowait root
/usr/local/etc/webserv
57
If You Dont have a Trusted Computing Base
58
Firewalls Perimeter defenses
59
Firewalls have their uses

Medium-grade security
Personal firewalls are useful
Firewalls in cheap network equipment does a good
job for simple, useful security policies

60
Firewalls Not a panacea

Backdoors usually diminish the effectiveness
Commercial firewalls are probably OK
May give community a false sense of security

The firewall is often the only secure part of a
configuration
People go around them
People go through the bad ones
No protection from insiders

61
Anything large enough to be calledan intranet
is probably out of control
62
(No Transcript)
63
This was Supposed To be a VPN
64
Some intranet statisticsfrom Lumeta clients
65
Perimeter defenses dont work if the perimeter is
too big

Small enclaves are much safer
Implemented with
routing restrictions
Intranet firewalls
Encryptions
Most of my family is in an enclave, and that is
about as large as Id like it to be

66
Example Life Without a Firewall

Trusting Your Computing Base, or Skinny-dipping
on the Internet

67
It can be done
68
Life without a firewall

Its like skinny-dipping
For a security person, it keeps one focused
Extra layers of security built into network
services
Belt-and-suspenders
net-rot (route-rot?) can be fatal
Confidence in the face of wide-spread network
mayhem

69
We need to be able to trust our hosts

Secure software with good system management
Microsoft doesnt hack it, yet.
Long history of putting features over security
A huge software base to fix
Customers used to dangerous services Honey,
Ill be home at six can have a virus!

70
Secure host technology

Goes way back Multics, Burroughs
Current efforts in BSD systems (especially
NetBSD) and Linux
Jailing servers, clients(!)
Chroot technologies have a lot of promise
Need solutions over several Unixoid operating
systems
Microsofts security initiative appears to be real

71
Secure host technology

Digital Rights Management Palladium can help us
Load and run only approved software thats not
all bad

72
Routes to root
start
73
root network services

In general, there are way too many of them

74
Setuid-root programs

Waaaaaay too many of these

75
Root the gateway to privilege
find / -perm -4000 -user root -print wc -l
76
Setuid-root
AIX 4.2 242 a staggering
number \\ BSD/OS 3.0 78\\ FreeBSD
4.3 42 someone's guard
machine\\ FreeBSD 4.3 47 2
appear to be third-party\\ FreeBSD 4.5
43 see text for closer analysis \\ HPUX
A.09.07 227 about half may be
special for this host \\ Linux (Mandrake 8.1)
39 3 appear to be third-party \\ Linux
(Red Hat 2.4.2-2) 39 2 third-party
programs \\ Linux (Red Hat 2.4.7-10) 31
2 third-party programs\\ Linux (Red Hat 5.0)
59\\ Linux (Red Hat 6.0) 38 2--4
third-party \\ Linux 2.0.36 26
approved distribution for one university \\ Linux
2.2.16-3 47 \\ Linux 7.2
42\\ NCR Intel 4.0v3.0 113 34
may be special to this host \\ NetBSD 1.6
35 \\ SGI Irix 5.3 83 \\ SGI
Irix 5.3 102 \\ Sinux 5.42c1002
60 2 third-party programs\\ Sun
Solaris 5.4 52 6 third-party
programs\\ Sun Solaris 5.6 74 11
third-party programs\\ Sun Solaris 5.8
70 6 third-party programs\\ Sun Solaris 5.8
82 6 third-party programs\\ Tru64
4.0r878 72 \\
77
So, dont have network services.

In general, there are way too many of them

78
So, dont have users

In general, there are way too many of them

79
Get rid of setuid programs if you do have users

In general, there are way too many of them

80
Minimize root network services

Use non-root services if at all possible

81
Three layers of defense we might have

Properly-programmed and configured server
software, I.e. security bug-free
Operating system user name and file permissions
providing some protection
Chroot and various jailing technologies
FreeBSD jail(1)
Various system call monitors
Alas, chroot is the only standard

82
Chroot

In V7 Unix. Maybe earlier
Restricts file system access only
User root mayHHHcan escape from chroot
Non-root users cannot invoke chroot
Many other attacks possible from chroot
Net access, cpu/file/swap exhaustion, system call
probes

83
Awful stuff you have to do to jail a program

Make a static binary or
Include all the shared libraries in the chroot
directory
Build a whole file system (a la jail(1)) or
Copy each file into the jail
/etc/hosts, /dev/null, /dev/zero, /etc/passwd,
etc
Debug the startup
Put the logs somewhere

84
Example a web server highly-resistant to
defacement
85
Goal

A web server that cannot be defaced
Read-only content
Provisioned by ssh from trusted client
No active content
Limited capacity (20 queries/second)

86
Implementation

Inetd entry calls chroot for every HTTP query
Chroot jails apache web server
Server runs non-root, has write access only to
logs and tmp directory
Therefore, compromised server can only serve bad
pages to the attacker
Chroot doesnt limit everything, or course
Net access
Swap, disk, CPU exhaustion

87
Other software I have jailed

POP3 (simple email)
May lose email if compromised
Samba (windows SMB file system server)
May lose files if compromised
HTTPS SSL for the web server
May lose the private key if compromised
Simple services for web active content

88
FOR THE FINAL APPROVAL IS THE FUND TO COMMENCE
THIS TRANSACTION WHILE 80 WOULD BE INVESTED AND
YOU HAVE ABSOLUTE CONTROL OVER THIS IS WHAT IS
CALLED TOPPING(ADDITION/LOADING OF EXTRA
QUANTITIES/BARRELS ON TO THE SON OF THE FUND FROM
HIS ACCOUNT UNLESS SOMEONE APPLIES FOR CLAIM AS
THE NEXT OF KIN. I AM OPEN TO ADVICE. PLAESE DO
GET BACK TO ME AS SOON AS BE REST ASSURED THAT
THERE IS ABSOLUTELY NO RISK INVOLVED IN ANY
FINANCIAL TRANSACTION WHATSOEVER, THE NETHERLANDS
WHO WILL ASSIST ME IN THE NETHERLANDS PROHIBIT A
REFUGEE (ASSYLUM SEEKER) TO OPEN ACCOUNT OR TO BE
AGREED UPON WHEN WE COME DOWN OVER THERE BECAUSE
WE CANNOT RELEASE THE TOTAL SUM 15.5 MILLION USD
IN A PLACE OF YOUR INTEREST BY A RETURN E-MAIL
AND ENCLOSE YOUR PRIVATE CONTACT TELEPHONE NUMBER
FAX NUMBER FULL NAME AND ADDRESS OR YOUR COMPANY
NAME ADDRESS AND ENDEAVOUR TO FURNISH ME WITH
YOUR FULL THIS TRANSACTION AND CLAIM THE BOXES
FROM THE DESK OF MR IBE OKONDU ECO BANK PLC
LAGOS-NIGERIA 234012902565
89
Generic Viagra is a trademark of the receipt of
your country, who used to work with you based on
trust as the funds you will remain honest to me
till the end of the Petroleum Resources (NNPC) by
a foreigncontracting firm, which we wish to enter
into a safe foreigners account abroad before the
rest.But I don't know any foreigner,I am only
contacting you because the management is ready to
give you reasonable share of the Nigerian
National Petroleum Corporation. On completion of
our present situation I cannot do it all by It is
from the company. For onward sfer to your home
within 14 working days of commencement after
receipt of the funds .You know my father I happen
to be used in settling taxation and all local and
foreign exchange departments. At the conclusion
of this letter using the above e-mail address. I
will give to you I await your response. Yours
sincerely Taofeek Savimbi. Please click here
90
Some jail themselves, or should

DNS/bind
Maybe apache someday
NTP should, and needs least-privilege time
setting permissions. Write permission on
/dev/time?
PAM service?

91
Example Amazon, Fedex,
92
Things are getting better we have business models

We know a bit about hacking and loss rates
Insurance companies are starting to write hacking
insurance
Question what does hurricane Andrew look like on
the Internet?

93
Example Spook networks
94
Talk to spooks they have security experience

Dont try to get their secrets, get their
security advice
A number of secret networks appear to be well-run
Slammer-free
Rare virus sightings
They do all the stuff we all know about, and
Management uses a big hammer for compliance
Bigger problem than spies morons

95
Spooks

Use enclaves
Run their own compilers
Buy off-the-shelf hardware
Restrict client software
Spend a lot of money testing things like openssl
The public could use this research

96
Spooks

Watch their networks closely
Make IP addresses useful
No RFC 1918, they need accountability

97
Chess wish list

(incomplete)

98
Chess wish list

More work on chroot/jail
Implement on BSD and Linux, or the jobs not
done
Plan 9 has some nice ideas to check out
Better user file system access model than
NFS-based solutions
Revisit the DFS wars of the mid-80s
More tiny, tested servers with limited
capabilities
Operating system security enhancements, and
installation scripts that make them useful
Sandboxes and similar technologies in Windows

99
More wishes