Re: thoughts on kernel security issues

From: Andrew Morton
Date: Wed Jan 12 2005 - 22:48:13 EST

Next message: Dmitry Torokhov: "Re: 2.6.9 & 2.6.10 unresponsive to keyboard upon bootup"
Previous message: Adam Kropelin: "[PATCH] contort getdents64 to pacify gcc-2.96"
In reply to: Dave Jones: "Re: thoughts on kernel security issues"
Next in thread: Chris Wright: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dave Jones <davej@xxxxxxxxxx> wrote:
>
> On Wed, Jan 12, 2005 at 06:28:38PM -0800, Andrew Morton wrote:
>
> > IMO, local DoS holes are important mainly because buggy userspace
> > applications allow remote users to get in and exploit them, and for that
> > reason we of course need to fix them up. Even though such an attacker
> > could cripple the machine without exploiting such a hole.
> >
> > For the above reasons I see no need to delay publication of local DoS holes
> > at all. The only thing for which we need to provide special processing is
> > privilege escalation bugs.
> >
> > Or am I missing something?
>
> The problem is it depends on who you are, and what you're doing with Linux
> how much these things affect you.
>
> A local DoS doesn't both me one squat personally, as I'm the only
> user of computers I use each day. An admin of a shell server or
> the like however would likely see this in a different light.
> (though it can be argued a mallet to the kneecaps of the user
> responsible is more effective than any software update)

yup. But there are so many ways to cripple a Linux box once you have local
access. Another means which happens to be bug-induced doesn't seem
important.

> An information leak from kernel space may be equally as mundane to some,
> though terrifying to some admins. Would you want some process to be
> leaking your root password, credit card #, etc to some other users process ?
>
> priveledge escalation is clearly the number one threat. Whilst some
> class 'remote root hole' higher risk than 'local root hole', far
> too often, we've had instances where execution of shellcode by
> overflowing some buffer in $crappyapp has led to a shell
> turning a local root into a remote root.

I'd place information leaks and privilege escalations into their own class,
way above "yet another local DoS".

A local privilege escalation hole should be viewed as seriously as a remote
privilege escalation hole, given the bugginess of userspace servers, yes?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dmitry Torokhov: "Re: 2.6.9 & 2.6.10 unresponsive to keyboard upon bootup"
Previous message: Adam Kropelin: "[PATCH] contort getdents64 to pacify gcc-2.96"
In reply to: Dave Jones: "Re: thoughts on kernel security issues"
Next in thread: Chris Wright: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]