Re: thoughts on kernel security issues

From: Horst von Brand
Date: Fri Jan 14 2005 - 07:46:59 EST

Next message: Reuben Farrelly: "Re: Breakage with raid in 2.6.11-rc1-mm1 [Regression in mm]"
Previous message: Julian T. J. Midgley: "Re: thoughts on kernel security issues"
In reply to: Alan Cox: "Re: thoughts on kernel security issues"
Next in thread: Linus Torvalds: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Linus Torvalds <torvalds@xxxxxxxx> said:
> On Thu, 13 Jan 2005, Alan Cox wrote:
> > On Iau, 2005-01-13 at 16:38, Linus Torvalds wrote:

> > > It wouldn't be a global flag. It's a per-process flag. For example,
> > > many people _do_ need to execute binaries in their home directory. I
> > > do it all the time. I know what a compiler is.

> > noexec has never been worth anything because of scripts. Kernel won't
> > load that binary, I can write a script to do it.

> Scripts can only do what the interpreter does. And it's often a lot harder
> to get the interpreter to do certain things. For example, you simply
> _cannot_ get any thread race conditions with most scripts out there, nor
> can you generally use magic mmap patterns.

But you can trivially run an executable via e.g.:

/lib/ld-2.3.4.so some-nice-proggie

and the execute permissions (and noexec, etc) on some-nice-proggie don't
matter.

> Am I claiming that disallowing self-written ELF binaries gets rid of all
> security holes? Obviously not.

It makes their running a bit harder, but not much.

> I'm claiming that there are things that
> people can do that make it harder, and that _real_ security is not about
> trusting one subsystem, but in making it hard enough in many independent
> ways that it's just too effort-intensive to attack.

Right. But this is a broken idea, IMVHO.

Besides, something that has been overlooked in all this discussion so far:
It does routinely happen that fixing some "just an ordinary bug" really
does correct a security problem. Plus backporting "only security fixes"
gets harder and harder as they start depending on other random changes.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Reuben Farrelly: "Re: Breakage with raid in 2.6.11-rc1-mm1 [Regression in mm]"
Previous message: Julian T. J. Midgley: "Re: thoughts on kernel security issues"
In reply to: Alan Cox: "Re: thoughts on kernel security issues"
Next in thread: Linus Torvalds: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]