A completely-from-scratch hobby operating system: bootloader, kernel, drivers, C library, and userspace including a composited graphical UI, dynamic linker, syntax-highlighting text editor, network stack, etc.
Some of them are intentional and obvious: No FS permissions combined with write support means anyone can rewrite the master password file and make root's password butts. sudo doesn't check if a user has any right to become root, it just checks that your password is correct - free root for anyone who can prove they are themselves! These aren't considered bugs - they should be fixed, of course, but if someone comes up and says they've got an exploit for ToaruOS and it's just them rewriting the password file, you can laugh at them and walk away.
But like any project that hasn't really bothered much with security, ToaruOS has real issues that actually should be considered bugs. I like to refer to those as "opportunities" - both for me, for aspiring security researchers, and for anyone who wants to contribute to the project.
Some known security issues that we actually consider bugs thus far:
[x] Pointer validations have been broken for an unknown amount of time as the kernel-user boundary was getting set to 0.
[x] The ELF loader doesn't really care about clobbering the kernel. A bad ELF executable could bring down the system, but a cleverly constructed one could have way more fun by rewriting kernel structures.
[ ] There are bound to be places we missed doing pointer checks in syscalls. Have fun with that.
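The boundary bug in the first item, shown as an added example (this is not ToaruOS code): a check that compares a user pointer against a per-process boundary accepts every address once that boundary is 0, and a hardened version sanity-checks the boundary and validates the whole range. The memory layout, `struct process`, the function names and all constants are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (hypothetical): kernel memory sits below KERNEL_END and
 * each process records where its own user memory begins. */
#define KERNEL_END 0x00400000u /* constructed value */
#define USER_TOP   0xC0000000u /* constructed value */

struct process { uintptr_t user_base; }; /* hypothetical structure */

/* Weak form: one comparison against the recorded boundary. If user_base
 * was left at 0, no pointer is below it, so every pointer passes. */
static bool ptr_ok_weak(const struct process *p, uintptr_t ptr) {
    return ptr >= p->user_base;
}

/* Hardened form: distrust the boundary itself, then check the whole
 * [ptr, ptr + len) range without letting ptr + len wrap around. */
static bool range_ok(const struct process *p, uintptr_t ptr, size_t len) {
    if (p->user_base < KERNEL_END) return false;  /* boundary unset or corrupt */
    if (ptr < p->user_base || ptr >= USER_TOP) return false;
    if (len > USER_TOP - ptr) return false;       /* range would leave user space */
    return true;
}

int main(void) {
    struct process broken = { 0 };           /* boundary zeroed, as in the bug */
    struct process good = { 0x20000000u };   /* constructed user base */
    uintptr_t kernel_ptr = 0x00100000u;      /* constructed kernel address */

    printf("weak, boundary 0:   %d\n", ptr_ok_weak(&broken, kernel_ptr));
    printf("weak, boundary set: %d\n", ptr_ok_weak(&good, kernel_ptr));
    printf("hardened, boundary 0: %d\n", range_ok(&broken, 0x30000000u, 16));
    printf("hardened, wrap len:   %d\n", range_ok(&good, 0x30000000u, (size_t)-1));
    return 0;
}
```

Failing closed when the boundary itself looks wrong is what turns a silently disabled check into a visible syscall error.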
Known security issues that aren't bugs but rather semi-intentionally missing features:
[x] File system permissions. We're actually in a good position to start implementing these if anyone wants to take a crack at it.
[x] Make a real sudo. This is kinda dependent on file system permissions existing, but the changes to sudo itself could be done now.
[ ] The Yutani protocol doesn't care much for user separation, and the compositor lacks a lot of security checks.
[ ] Passwords are stored as simple SHA512 hashes. Implement bcrypt or something sufficiently similar. This is pretty well labeled as intentionally insufficient.
ToaruOS has more holes than swiss cheese.