Re: [ANNOUNCE] DigSig 0.2: kernel module for digital signature verification for binaries

From: viro
Date: Wed Oct 01 2003 - 09:18:07 EST


On Wed, Oct 01, 2003 at 09:33:09AM -0400, Makan Pourzandi wrote:

> Third, the intruder now has access to the system, he cannot execute the
> code he brought in with himself (not signed) or he cannot bring it in
> (c.f. above). So he needs to compile the code on the system. AFAIK, for
> the absolute majority of servers the admins remove all compilers
> (especially gcc) on all servers. This is for several different security
> reasons (I don't want to get there). Therefore, the above hypothesis
> gets even more difficult to realize.

Don't be ridiculous. It's trivial to exploit a local buffer overrun in
one of your signed binaries and have the shellcode mmap the rest. All
pre-built, of course.

> Last, but I believe the most important, the level of difficulty of
> execution of such an attack is much higher than the average knowledge
> level of many script kiddies. The absolute majority of attackers have
> little or absolutely not any knowledge of the operating systems in
> general and Linux in particular, let aside the knowledge of writing a C
> program, calling mmaps in that program and run the malicious code to gain
> access as root, then remove the module to execute a classical attack.
>
> There is no such thing as 100% secure system, digsig increases the level
> of security of the system as it just makes it much more difficult for
> the intruder to succeed in his/her attack.

Rubbish. You don't need to compile anything locally and the rest will be
done once by some wanker with half a clue and then repeated by wankers
without a clue (aka script kiddies).
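Added example, not part of the original message and not DigSig code: a defender-side audit of a process's `/proc/<pid>/maps` that flags executable memory no exec-time signature check could have covered, which is the gap the reply points at. The sample map, the `SIGNED` set and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in /proc/<pid>/maps format, not captured from a real host.
SAMPLE_MAPS = """\
08048000-0804c000 r-xp 00000000 03:01 12345      /usr/sbin/exampled
0804c000-0804d000 rw-p 00003000 03:01 12345      /usr/sbin/exampled
40000000-40013000 r-xp 00000000 03:01 22222      /lib/ld-2.3.2.so
40020000-40030000 rwxp 00000000 00:00 0
40030000-40031000 r-xp 00000000 03:01 33333      /tmp/example.so (deleted)
bfffe000-c0000000 rwxp 00000000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
"""
SIGNED = {"/usr/sbin/exampled", "/lib/ld-2.3.2.so"}  # hypothetical signed set
KERNEL_PROVIDED = {"[vdso]", "[vsyscall]", "[vectors]"}
LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+ (\S{4}) [0-9a-f]+ \S+ (\d+)\s*(.*)$")

class Mapping(NamedTuple):
    start: int
    perms: str
    inode: int
    path: str

def parse_maps(text):
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # skip blank or malformed lines
            yield Mapping(int(m[1], 16), m[2], int(m[3]), m[4].strip())

def classify(mp, signed_paths):
    # Reason this executable mapping is outside the signed set, or None.
    if "x" not in mp.perms or mp.path in KERNEL_PROVIDED:
        return None
    if mp.path.endswith(" (deleted)"):
        return "backing file deleted"
    if mp.inode == 0:  # no file behind it, so nothing a signature could cover
        return "executable " + mp.path if mp.path else "anonymous executable memory"
    if mp.path not in signed_paths:
        return "file not in signed set"
    return None

def audit(text, signed_paths):
    found = ((mp, classify(mp, signed_paths)) for mp in parse_maps(text))
    return [(hex(mp.start), why) for mp, why in found if why]

if __name__ == "__main__":
    for addr, why in audit(SAMPLE_MAPS, SIGNED):
        print(addr, why)
```

This is a point-in-time snapshot, and runtimes that generate code at run time create anonymous executable mappings legitimately, so findings need triage rather than automatic action.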