One for the Security Guru's - Robert L. Harris

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Robert L. Harris" <Robert.L.Harris@rdlg.net>
To: Linux-Kernel <linux-kernel@vger.kernel.org>
Subject: One for the Security Guru's
Date: Wed, 23 Oct 2002 09:02:51 -0400	[thread overview]
Message-ID: <20021023130251.GF25422@rdlg.net> (raw)

  Once there was a company durring the dot.com boom.  This company had 
some outside consultants come in and tell them how to do a number of
things.  Many of the things were laughed off but some stuck.  2 things
in particular are giving me nightmares now that I'm at this company.
They have survived the bust and I think will actually stand a very good
chance to be very important in the near future so I want to see them
stay sane, stable and secure.

  The consultants aparantly told the company admins that kernel modules
were a massive security hole and extremely easy targets for root kits.
As a result every machine has a 100% monolithic kernel, some of them
ranging to 1.9Meg in filesize.  This of course provides some other
sticky points such as how to do a kernel boot image.

  I'd like it from the guru's on exactly how bad a hole this really is
and if there is a method in the kernel that will prevent such exploits.
For example, if I disable CONFIG_MODVERSIONS is the kernel less likely
to accept a module we didn't build?  Are there plans to implement some
form of finger printing on modules down the road?

Thanks for your imput guys,
  Robert

:wq!
---------------------------------------------------------------------------
Robert L. Harris                

DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

next             reply	other threads:[~2002-10-23 12:56 UTC|newest]

Thread overview: 51+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-10-23 13:02 Robert L. Harris [this message]
2002-10-23 13:13 ` One for the Security Guru's John Jasen
2002-10-23 13:20 ` Keith Owens
2002-10-24  7:56   ` Greg KH
2002-10-23 13:45 ` Alan Cox
2002-10-23 13:59   ` Gilad Ben-ossef
2002-10-23 22:14     ` James Cleverdon
2002-10-23 22:17       ` James Stevenson
2002-10-23 22:39         ` James Cleverdon
2002-10-23 22:44           ` James Stevenson
2002-10-24  6:12         ` Gilad Ben-Yossef
2002-11-06 21:39       ` Florian Weimer
2002-10-23 14:57 ` Richard B. Johnson
2002-10-23 17:56   ` Gerhard Mack
2002-10-24  9:38     ` Henning P. Schmiedehausen
     [not found]       ` <ap8f36$8ge$1@dstl.gov.uk>
2002-10-24 10:01         ` Tony Gale
2002-10-24 16:13           ` Gerhard Mack
2002-10-24 16:39             ` Henning P. Schmiedehausen
2002-10-24 16:34               ` David Lang
2002-10-24 17:04               ` Gilad Ben-Yossef
2002-10-25  9:44                 ` Henning Schmiedehausen
2002-10-25 20:52                   ` H. Peter Anvin
2002-10-26 10:43                     ` Henning P. Schmiedehausen
2002-10-27 10:17                       ` Rogier Wolff
2002-10-28  7:47                       ` Chris Wedgwood
2002-10-24 22:02               ` Danny Lepage
2002-10-25  9:40                 ` Henning Schmiedehausen
2002-10-24 14:23       ` Gilad Ben-ossef
2002-10-25  4:09       ` Stephen Satchell
2002-10-25 13:47         ` Stephen Frost
2002-10-26 10:38           ` Rogier Wolff
2002-10-26  9:44       ` Rogier Wolff
2002-10-26 10:46         ` Henning P. Schmiedehausen
2002-10-23 16:23 ` Henning P. Schmiedehausen
2002-10-23 17:55   ` David Lang
2002-10-23 19:46     ` H. Peter Anvin
2002-10-23 22:15 ` James Stevenson
2002-10-24  9:47   ` Henning P. Schmiedehausen
2002-10-25 12:28     ` Daniel Egger
2002-10-25 15:22       ` Alex Riesen
2002-10-25 16:38       ` Stephen Satchell
2002-10-25 18:21       ` [OT] " J Sloan
2002-10-26 10:40     ` OT " Rogier Wolff
2002-10-24 10:11   ` Ville Herva
2002-10-24 11:09     ` Henning P. Schmiedehausen
2002-10-24 11:55       ` Alan Cox
2002-10-24 14:40         ` Henning P. Schmiedehausen
2002-10-24 15:36           ` Alan Cox
2002-10-24 16:46     ` Eric W. Biederman
2002-10-24  6:04 ` David Wagner
  -- strict thread matches above, loose matches on Subject: below --
2002-10-23 21:49 Hank Leininger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20021023130251.GF25422@rdlg.net \
    --to=robert.l.harris@rdlg.net \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.