Re: thoughts on kernel security issues

From: Alan Cox
Date: Thu Jan 13 2005 - 15:15:30 EST


On Thu, 2005-01-13 at 17:33, Linus Torvalds wrote:
> Scripts can only do what the interpreter does. And it's often a lot harder
> to get the interpreter to do certain things. For example, you simply
> _cannot_ get any thread race conditions with most scripts out there, nor
> can you generally use magic mmap patterns.

And then perl was invented.

> Am I claiming that disallowing self-written ELF binaries gets rid of all
> security holes? Obviously not. I'm claiming that there are things that
> people can do that make it harder, and that _real_ security is not about
> trusting one subsystem, but in making it hard enough in many independent
> ways that it's just too effort-intensive to attack.

It lasts until someone publishes the first perl ELF loader/executor on
bugtraq, or ruby, or python, or java. Then everyone has it.

> It's the same thing with passwords. Clearly any password protected system
> can be broken into: you just have to guess the password. It then becomes a
> matter of how hard it is to "guess" - at some point you say a password is
> secure not because it is a password, but because it's too _expensive_ to
> guess/break.

It's more like breaking a password algorithm or everyone having the same
password unfortunately. One perl ELF loader, game over. You can do this
stuff with SELinux but even then it is very hard and you have to whack
the interpreters.
