"Richard B. Johnson" wrote:
>
> Security isn't a problem with embedded systems because everything
> that could possibly be done is handled with a "monitor". There is
> no shell. If there is no way to execute some foreign executable,
> you don't have a security issue unless some dumb alleged software
> engineer added some back-doors to the monitor.
A hacker don't need a /bin/sh or any other onboard software
to exploit some security flaw. Assume someone discover that
your embedded box is vulnerable to a buffer overflow attack
of the type usually used to get a root shell. Then they
discover that running /bin/sh don't work. What to do? They
simply put a simple little shell _in_ the buffer overflow
code itself. A hacker don't need to call anything, all he need
can be downloaded as part of the exploit code.
If the room for exploit code is thight - use a two-stage approach.
The exploit then consists of code that download the rest of the
code into some other RAM outside the tiny buffer.
No "dangerous" utilities on board doesn't mean the box is safe at
all. The buffer overflow code could contain code for
continuing the attack on other boxes, or anything else.
Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Dec 23 2001 - 21:00:15 EST