CTSRD-CHERI / FETT

Issue only repo to support the FETT project

FETT MOTD Needs Tweaks #12

Closed jrtc27 closed 4 years ago

jrtc27 commented 4 years ago

Currently this is what you see upon starting a new instance:

Last login: Thu Jul  2 02:27:47 2020
FreeBSD 13.0-CURRENT (CHERI_FETT) #0 8b267d4eafb-c327711(fett-manpages-motd): Tue Jun 30 00:05:36 BST 2020

Welcome to CheriBSD (FETT edition)!

CheriBSD extends FreeBSD to implement memory protection and software
compartmentalization features supported by the CHERI ISA.

CheriBSD source may be found at https://github.com/CTSRD-CHERI/cheribsd/

Find out more about about CHERI at http://cheri-cpu.org/

Vulnerable FETT target applications are installed under /fett including
OpenSSH, SQLite, nginx (under /fett/nginx), and the voter registration
system application.

A CHERI-aware version of gdb is installed.

An experimental pure-capability version of bash is installed if you
desire a more familiar shell experience.

Find out more about CHERI and FETT at:
https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/cheri-fett.html
After you compiled and installed a new version of FreeBSD, use etcupdate(8) to merge
configuration updates.
Run "etcupdate extract" once when your sources match your running system, then run
"etcupdate" after every upgrade and "etcupdate resolve" to resolve any conflicts.

        -- Lars Engels <lme@FreeBSD.org>
<username>@cheri-fett:~ $ 
  1. (minor) We probably would rather the branch name not be `fett-manpages-motd`

  2. The etcupdate(8) bit tacked on the end is not something we want, and at first glance makes it look like the whole MOTD was written by lme@.

  3. The researcher's account is set up with /bin/sh as their shell (and even with root access the flow is to use su), so we might want to reword the bash message to be clearer as initially they might believe they're using bash.

brooksdavis commented 4 years ago

  1. I'll take more care to have my cheribsd checkout be clean and in the right directory when I do the next build.
  2. That's not part of the motd, it's an invocation of fortune freebsd-tips in the default non-root dot files. I agree it's confusing (and I've never found that feature useful). I'll remove that from CheriBSD.
  3. How about: Your default shell is /bin/sh, if you desire a more familiar experience you can exec bash or change your shell to /usr/local/bin/bash with the chsh command.

jrtc27 commented 4 years ago

  • How about: Your default shell is /bin/sh, if you desire a more familiar experience you can exec bash or change your shell to /usr/local/bin/bash with the chsh command.

I'd change that to:

Your default shell is /bin/sh. If you desire a more familiar experience you can exec bash -l or change your default shell with chsh -s bash.

brooksdavis commented 4 years ago

Addressed 1 and 2 with merge of CTSRD-CHERI/cheribsd#583

Addressed 3) in https://github.com/CTSRD-CHERI/SSITH-FETT-Target/commit/c50dc6c927c93fe79cc82fb4647a9f05767cd02a

jrtc27 commented 4 years ago

Hmm, we've lost the wording about it being experimental though... (and thus part of the reason why it's not the default)

brooksdavis commented 4 years ago

https://github.com/CTSRD-CHERI/SSITH-FETT-Target/commit/d5892af45a0b412cff79b74e6e758799ec9315b3 adds a note to that effect.