Re: thoughts on kernel security issues

From: John Richard Moser
Date: Thu Jan 20 2005 - 14:23:57 EST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Arjan van de Ven wrote:
> On Thu, 2005-01-20 at 13:16 -0500, John Richard Moser wrote:
>
>>Even when the tagging is all automatic, to really deploy a competently
>>formed system you have to review the results of the automated tagging.
>>It's a bit easier in most cases to automate-and-review, but it still has
>>to be done. I think in the case of PaX markings, the maintenance
>>overhead of manually marking binaries is minimal enough that looking for
>>mistakes would be more work than working from an already known and
>>familiar base.
>
>
>
> well, marking with PT_GNU_STACK is similar, execstack tool (part of the
> prelink package) both shows and can change the existing marking of
> binaries/libs.
>
> How is that much different to what pax provides?
>
>

The point was more that it's easier to avoid embarrassments like "What?
Plug-ins are marked PT_GNU_STACK, but don't need it? Firefox is a high
risk application and we're giving it an executable stack needlessly?!
SOMEBODY TOLD WIRED THIS?! *IT'S ON SLASHDOT?!!?!!?*" when you do ALL
of the marking manually, so that you know who has what.

The reason for this is that rather than check every marking on every
program (and library in the ES case), you just run each program. You do
run each program, right? Or is your distribution's QA shit? I'd hope
you test each program carefully to make sure it actually works. So this
should be normal anyway. When you run into an ES or PaX problem, you
know to track it down and mark it. No accidental mismarking setting
things less secure than they have to be.

I usually encourage deploying a new security system like SSP, PaX, or
the use of PIE binaries across everything on the development boxes, and
then cleaning up the breakage. The reason for this is that you
quickly--without having to second-guess an automatic marking system or
specifically examine each program in testing separated from your normal
QA--locate ALL breakage in your normal QA testing routine AND come out
with the tightest security settings possible. (On the same note, never
ever make a release with protections you haven't actually tested.)


- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB8APmhDd4aOud5P8RAgQmAJ9f/Li0fj1+w1RH2bpCmIurZWidBACfbpvN
ITRMox6SIRt1qLsRP3ykUF0=
=Q22O
-----END PGP SIGNATURE-----
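The check the two of them are arguing about, as an added example that is not part of the original message and not code from the prelink/execstack or PaX projects: audit the PT_GNU_STACK marking of every binary and library you ship, so a plug-in that drags Firefox onto an executable stack is caught in normal QA rather than on Slashdot. It assumes GNU binutils `readelf` is installed and, for the fix step, `execstack` from the prelink package; the function names and the sample `readelf -lW` lines are constructed for this illustration.

```shell
#!/bin/sh
# Audit executable-stack (PT_GNU_STACK) markings across a set of ELF files.
# Added example for this thread; not from the original message or from the
# prelink/execstack or PaX projects. Assumes GNU binutils `readelf` and,
# for the fix step, `execstack` from the prelink package.

# Classify a program-header listing (as printed by `readelf -lW FILE`)
# read from stdin. Prints one of:
#   exec     - PT_GNU_STACK present with the E flag (executable stack)
#   noexec   - PT_GNU_STACK present without E
#   unmarked - no PT_GNU_STACK header at all; on x86 the kernel then
#              falls back to an executable stack, so treat it as "exec"
classify_gnu_stack() {
    awk '
        /GNU_STACK/ {
            found = 1
            if ($0 ~ /RWE/) print "exec"; else print "noexec"
        }
        END { if (!found) print "unmarked" }
    '
}

# Run the audit over real files: prints "<status> <file>" per ELF file,
# silently skipping anything readelf cannot parse (scripts, data files).
audit_execstack() {
    for f in "$@"; do
        hdrs=$(readelf -lW "$f" 2>/dev/null) || continue
        status=$(printf '%s\n' "$hdrs" | classify_gnu_stack)
        printf '%s %s\n' "$status" "$f"
    done
}

# List the files that would land a process on an executable stack.
# A single library dlopen()ed with the E flag makes ld.so turn the whole
# process stack executable, which is exactly the plug-in case above, so
# libraries matter as much as the main executable.
list_execstack_offenders() {
    audit_execstack "$@" | grep -E '^(exec|unmarked) ' || true
}

# The fix, once QA has confirmed the program runs fine without an
# executable stack: clear the marking in place (execstack -c clears,
# -s sets, -q queries).
clear_execstack() {
    execstack -c "$1"
}

# Constructed sample of `readelf -lW` output for offline demonstration,
# trimmed to the relevant lines; not captured from any real binary.
SAMPLE_EXEC='  LOAD           0x000000 0x08048000 0x08048000 0x00504 0x00504 R E 0x1000
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4'
SAMPLE_NOEXEC='  LOAD           0x000000 0x08048000 0x08048000 0x00504 0x00504 R E 0x1000
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4'
SAMPLE_UNMARKED='  LOAD           0x000000 0x08048000 0x08048000 0x00504 0x00504 R E 0x1000'

demo() {
    printf '%s\n' "$SAMPLE_EXEC"     | classify_gnu_stack   # exec
    printf '%s\n' "$SAMPLE_NOEXEC"   | classify_gnu_stack   # noexec
    printf '%s\n' "$SAMPLE_UNMARKED" | classify_gnu_stack   # unmarked
}

demo
```

Run `list_execstack_offenders /usr/lib/firefox/plugins/*.so` (or whatever the plug-in directory is) as part of the normal QA pass; anything it reports either genuinely needs an executable stack (rare, usually nested-function trampolines) or gets `clear_execstack` and a re-test. The same show-then-change workflow applies to PaX markings with `paxctl -v FILE` to view the flags and the per-flag options to change them, which is the parallel Arjan draws with execstack.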