Re: Mounting a in-ROM filesystem efficiently

From: Herman Oosthuysen (Herman@WirelessNetworksInc.com)
Date: Tue Dec 18 2001 - 12:05:02 EST

----- Original Message -----
From: Richard B. Johnson <root@chaos.analogic.com>
To: Helge Hafting <helgehaf@idb.hist.no>
Cc: <linux-kernel@vger.kernel.org>
Sent: Tuesday, December 18, 2001 7:00 AM
Subject: Re: Mounting a in-ROM filesystem efficiently

> On Tue, 18 Dec 2001, Helge Hafting wrote:
>
> > "Richard B. Johnson" wrote:
> >
> > >
> > > Security isn't a problem with embedded systems because everything
> > > that could possibly be done is handled with a "monitor". There is
> > > no shell. If there is no way to execute some foreign executable,
> > > you don't have a security issue unless some dumb alleged software
> > > engineer added some back-doors to the monitor.
> >
...
>
> Embedded systems that perform critical functions such
> as FMS (Flight Management Systems) have a reset button.
> If it's screwing up, and they often do, the pilot not
> flying says some four-letter prayers to be picked up
> by the cockpit microphone, hits the reset switch, waits
> for it to re-boot, and enters everything from scratch
> again --usually the entire day's flight-plan routes,
> taking nearly 1,000 key-strokes. Now, that's an embedded
> system.
>
>
> Cheers,
> Dick Johnson
>
> Penguin : Linux version 2.4.1 on an i686 machine (797.90 BogoMips).
> Santa Claus is coming to town...
> He knows if you've been sleeping,
> He knows if you're awake;
> He knows if you've been bad or good,
> So he must be Attorney General Ashcroft.
>
....
Hmm, there are lots of embedded things with network capabilities. Think of
wireless access points, network routers and switches. Even a network
printer can cause network chaos if it would start to chatter on the net.
Many of these things run FTP or HTTP servers for management purposes.

However, figuring out how to hack into a non-standard piece of hardware
using an unknown processor is a non-trivial problem - it is very difficult
even if you designed the thing yourself and has all the info, but could
therefore be done by a disgruntled ex-employee.

Exploiting well known network services such as FTP and HTTP for dark
purposes certainly should be a serious concern to manufactureres of these
devices. 

--
Herman Oosthuysen
Herman@WirelessNetworksInc.com
Suite 300, #3016, 5th Ave NE,
Calgary, Alberta, T2A 6K4, Canada
Phone: (403) 569-5688, Fax: (403) 235-3965

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Sun Dec 23 2001 - 21:00:16 EST