Re: thoughts on kernel security issues

From: Dave Jones
Date: Thu Jan 13 2005 - 00:22:21 EST

Next message: Miklos Szeredi: "Re: [PATCH 2/11] FUSE - core"
Previous message: Scott Laird: "TG3 driver dies with "irq 12: nobody cared" on 2.6.10 (x86)"
In reply to: William Lee Irwin III: "Re: thoughts on kernel security issues"
Next in thread: Alan Cox: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 12, 2005 at 08:49:19PM -0800, William Lee Irwin III wrote:

> On Wed, Jan 12, 2005 at 10:35:42PM -0500, Dave Jones wrote:
> > The problem is it depends on who you are, and what you're doing with Linux
> > how much these things affect you.
> > A local DoS doesn't both me one squat personally, as I'm the only
> > user of computers I use each day. An admin of a shell server or
> > the like however would likely see this in a different light.
> > (though it can be argued a mallet to the kneecaps of the user
> > responsible is more effective than any software update)
>
> It deeply disturbs me to hear this kind of talk. If we're pretending to
> be a single-user operating system, why on earth did we use UNIX as a
> precedent in the first place?

You completely missed my point. What's classed as a threat to one
user just isn't relevant to another.

> On Wed, Jan 12, 2005 at 10:35:42PM -0500, Dave Jones wrote:
> > An information leak from kernel space may be equally as mundane to some,
> > though terrifying to some admins. Would you want some process to be
> > leaking your root password, credit card #, etc to some other users process ?
> > priveledge escalation is clearly the number one threat. Whilst some
> > class 'remote root hole' higher risk than 'local root hole', far
> > too often, we've had instances where execution of shellcode by
> > overflowing some buffer in $crappyapp has led to a shell
> > turning a local root into a remote root.
> > For us thankfully, exec-shield has trapped quite a few remotely
> > exploitable holes, preventing the above.
>
> If we give up and say we're never going to make multiuser use secure,
> where is our distinction from other inherently insecure single-user OS's?

Nowhere did I make that claim. If you parsed the comment about
exec-shield incorrectly, I should point out that we also issued
security updates to various applications even though (due to exec-shield)
our users weren't vulnerable. The comment was an indication that
the extra barrier has bought us some time in preparing updates
when 0-day exploits have been sprung on us unexpectedly on more
than one occasion.

Dave

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Miklos Szeredi: "Re: [PATCH 2/11] FUSE - core"
Previous message: Scott Laird: "TG3 driver dies with "irq 12: nobody cared" on 2.6.10 (x86)"
In reply to: William Lee Irwin III: "Re: thoughts on kernel security issues"
Next in thread: Alan Cox: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]