Skip to content

AetherShell 1.6.0 — security hardening

Latest
Latest

Choose a tag to compare

View all tags
@admercs admercs released this 04 Jun 16:43
· 33 commits to master since this release
v1.6.0
6357eaa

AetherShell 1.6.0 is a security-hardening release. It ships zero dependency CVEs, opt-in controls for running untrusted/agent-generated code (native-plugin gating, network egress allowlist, FIPS-strict crypto), and a new VM/sandbox benchmark in the bundled agentic-eval library. No breaking changes — every new control is opt-in, so existing scripts and configs run unchanged.

🔒 Security

Hardening from a security audit mapped to CVE / NIST FIPS / MITRE ATT&CK / CMMC 2.0:

  • 0 dependency CVEs. Patched quinn-proto (HIGH QUIC DoS), rustls-webpki (4 TLS cert-path-validation flaws), and tar (symlink chmod / PAX). Repaired the cargo-deny supply-chain gate (was unparseable under cargo-deny ≥ 0.18 and wrongly denied the project's own AGPL license).
  • SHA-256 integrity replaces collision-broken MD5 for checkpoint/state integrity (persistence.rs) and package-download verification (marketplace.rs). Legacy MD5 digests are still read for backward compatibility but never written.
  • Native plugin loader is default-deny in agent mode. Under AETHER_MODE=agent, DynamicPlugin::load refuses native plugins unless allowlisted via AETHER_PLUGIN_ALLOW=<dirs>; AETHER_PLUGINS=off is a hard kill switch. Closes a native-code-execution surface (ATT&CK T1129 / T1574).
  • Network egress allowlist. AETHER_NET_ALLOW=<hosts> restricts all network builtins to allowed hosts/subdomains (E_EGRESS_DENIED otherwise). Anti-exfiltration control (ATT&CK T1041).
  • FIPS-strict mode. AETHER_FIPS=1 enforces approved-algorithms-only: hash builtins reject MD5/SHA-1 (E_FIPS_DISALLOWED) and integrity verification fails closed on legacy MD5 digests (SHA-256 only). The crypto/FIPS posture and the remaining path to a FIPS-140-validated build are documented in docs/security/CRYPTO_AND_FIPS.md.

✨ Added

  • agentic-eval 0.8.0 — the bundled evaluation library gains a vms module: a curated benchmark of VM/sandbox systems (AetherVM, Firecracker, Cloud Hypervisor, gVisor, Kata Containers, QEMU/KVM, Docker) for agentic AI use, scored on agent-native axes (start-latency, density, isolation, snapshotting, agent-control). Run it with cargo run -p agentic-eval --example vm_benchmark. See crates/agentic-eval/CHANGELOG.md.

⬆️ Upgrade notes

Drop-in for 1.5.x — no config or script changes required. To turn on the new hardening for untrusted/agent workloads:

Goal Set
Lock down native plugins for agents AETHER_MODE=agent (+ AETHER_PLUGIN_ALLOW=<dirs> to permit specific ones)
Disable native plugins entirely AETHER_PLUGINS=off
Restrict outbound network AETHER_NET_ALLOW=example.com,api.internal
Enforce FIPS-approved crypto AETHER_FIPS=1

Checkpoints and downloaded packages are now verified with SHA-256; existing artifacts written by 1.5.x (MD5) still validate, and are upgraded to SHA-256 on next write.

Full changelog: https://github.com/nervosys/AetherShell/blob/v1.6.0/CHANGELOG.md
Licensed AGPL-3.0-or-later.

Assets 4
Loading