Re: BK2CVS problem

From: Richard B. Johnson
Date: Thu Nov 06 2003 - 09:00:45 EST

Next message: Prakash K. Cheemplavam: "Re: 2.9test9-mm1 and DAO ATAPI cd-burning corrupt"
Previous message: Charles: "Genuine Profitable Opportunity!"
In reply to: Scott Robert Ladd: "Re: BK2CVS problem"
Next in thread: Chad Kitching: "RE: BK2CVS problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 6 Nov 2003, Scott Robert Ladd wrote:

> Andrew Walrond wrote:
> > Somebody getting access to and inserting exploits directly into the linux
> > source is not something we should take lightly. Whilst we understand the
> > limits of the problem, the fact that it happened at all could get /.'d out of
> > all proportion and be used to seriously undermine linux's reputation
>
> Well, it's hit /. and OSNews already this morning.
>
> Mainstream media is now aware of Linux; for better or worse, someday, an
> issue like this is going to leak beyond Slashdot onto the pages of the
> Wall Street Journal and ZDNet. Maybe not this time -- but eventually.
>
> Open development is the ultimate in honesty -- and honesty leaves us
> vulnerable to being bitten by the ignorati and anti-freedom forces.
>
> --
> Scott Robert Ladd
> Coyote Gulch Productions (http://www.coyotegulch.com)
> Software Invention for High-Performance Computing

This may not really be the problem. It is well known that
anybody who has the capabilities of inserting a module into
the most secure kernel in the universe, could have designed
the module to give the current caller root privs when some
module function is executed.

$ whoami
cracker
$ od /dev/TROJAN
$ whoami
root
$

The kernel sources can be inspected using automation, looking
for accesses to 'current'. The expected patterns can be ignored.
Accesses to current->XXX,current->YYY,current->YYY, etc., could be
reviewed. However, this doesn't stop the clever programmer who
creates a pointer that, using a difficult-to-follow path, has
access to these structure members.

So, basically, any open-source kernel is vulnerable. Also any
closed-source kernel is also vulnerable. We already know that
M$ had hundreds of bugs, perhaps more, that allowed a hacker
complete unrestricted access to a machine on the network. We
also know that there are deliberate back-doors inserted to
allow governments to inspect the contents of these computers
(search on magic lantern and carnivor).

Cheers,
Dick Johnson
Penguin : Linux version 2.4.22 on an i686 machine (797.90 BogoMips).
Note 96.31% of all statistics are fiction.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Prakash K. Cheemplavam: "Re: 2.9test9-mm1 and DAO ATAPI cd-burning corrupt"
Previous message: Charles: "Genuine Profitable Opportunity!"
In reply to: Scott Robert Ladd: "Re: BK2CVS problem"
Next in thread: Chad Kitching: "RE: BK2CVS problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]