From: John Richard Moser <nigelenki@comcast.net>
To: Linus Torvalds <torvalds@osdl.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>,
Christoph Hellwig <hch@infradead.org>,
Dave Jones <davej@redhat.com>, Andrew Morton <akpm@osdl.org>,
marcelo.tosatti@cyclades.com, Greg KH <greg@kroah.com>,
chrisw@osdl.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: thoughts on kernel security issues
Date: Thu, 13 Jan 2005 13:59:19 -0500 [thread overview]
Message-ID: <41E6C507.5050302@comcast.net> (raw)
In-Reply-To: <Pine.LNX.4.58.0501130926260.2310@ppc970.osdl.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Linus Torvalds wrote:
>
> On Thu, 13 Jan 2005, Alan Cox wrote:
>
>>On Iau, 2005-01-13 at 16:38, Linus Torvalds wrote:
>>
[...]
> Am I claiming that disallowing self-written ELF binaries gets rid of all
> security holes? Obviously not. I'm claiming that there are things that
> people can do that make it harder, and that _real_ security is not about
> trusting one subsystem, but in making it hard enough in many independent
> ways that it's just too effort-intensive to attack.
>
I think you can make it non-guaranteeable.
> It's the same thing with passwords. Clearly any password protected system
> can be broken into: you just have to guess the password. It then becomes a
> matter of how hard it is to "guess" - at some point you say a password is
> secure not because it is a password, but because it's too _expensive_ to
> guess/break.
>
You can't guarantee you can guess a password. You could for example
write a pam module that mandates a 3 second delay on failed
authentication for a user (it does it for the console currently; use 3
separate consoles and you can do the attack 3 times faster). Now you
have to guess the password with one try every 3 seconds.
aA1# 96 possible values per character, 8 characters. 7.2139x10^15
combinations. It takes 686253404.7 years to go through all those at one
every 3 seconds. You've got a good chance at half that.
This isn't "hard," it's "infeasible." I think the idea is to make it so
an attacker doesn't have to put lavish amounts of work into creating an
exploit that reliably re-exploits a hole over and over again; but to
make it so he can't make an exploit that actually works, unless it works
only by rediculously remote chance.
> So all security issues are about balancing cost vs gain. I'm convinced
> that the gain from openness is higher than the cost. Others will disagree.
>
Yes. Nobody code audits your binaries. You need source code to do
source code auditing. :)
> Linus
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB5sUGhDd4aOud5P8RAtL7AJ45IkplC/ArkSykOPdkwrXknhpgdwCgjLHJ
H8I593lQ0EuESMpriE6UIy0=
=kcas
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2005-01-13 19:03 UTC|newest]
Thread overview: 212+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-12 17:48 thoughts on kernel security issues Chris Wright
2005-01-12 15:06 ` Marcelo Tosatti
2005-01-12 18:49 ` Chris Wright
2005-01-12 18:05 ` Linus Torvalds
2005-01-12 18:44 ` Chris Wright
2005-01-12 18:57 ` Linus Torvalds
2005-01-12 19:21 ` Chris Wright
2005-01-12 20:59 ` Jesper Juhl
2005-01-12 21:27 ` Greg KH
2005-01-12 18:51 ` Greg KH
2005-01-12 19:01 ` Linus Torvalds
2005-01-12 16:12 ` Marcelo Tosatti
2005-01-12 20:00 ` Linus Torvalds
2005-01-12 17:42 ` Marcelo Tosatti
2005-01-13 15:36 ` Alan Cox
2005-01-13 17:22 ` Marcelo Tosatti
2005-01-13 21:20 ` Alan Cox
2005-01-13 17:52 ` Florian Weimer
2005-01-13 19:42 ` Marek Habersack
2005-01-13 19:19 ` Alan Cox
2005-01-13 20:44 ` Marek Habersack
2005-01-14 10:22 ` Wichert Akkerman
2005-01-14 12:10 ` Julian T. J. Midgley
2005-01-14 14:52 ` Florian Weimer
2005-01-14 15:12 ` Julian T. J. Midgley
2005-01-15 0:33 ` Alan Cox
2005-01-14 13:55 ` Marek Habersack
2005-01-13 19:50 ` Chris Wright
2005-01-13 20:29 ` Marek Habersack
2005-01-13 19:41 ` Alan Cox
2005-01-13 20:57 ` Arjan van de Ven
2005-01-13 21:22 ` Linus Torvalds
2005-01-13 21:15 ` Alan Cox
2005-01-13 22:41 ` Linus Torvalds
2005-01-13 21:41 ` Arjan van de Ven
2005-01-13 21:02 ` Marek Habersack
2005-01-13 21:30 ` Dave Jones
2005-01-13 21:48 ` Marek Habersack
2005-01-13 22:06 ` Dave Jones
2005-01-13 22:21 ` Marek Habersack
2005-01-13 23:30 ` Jesper Juhl
2005-01-15 0:34 ` Alan Cox
2005-01-15 2:56 ` Marcin Dalecki
2005-01-13 20:03 ` Dave Jones
2005-01-13 20:10 ` Linus Torvalds
2005-01-13 19:27 ` Alan Cox
2005-01-13 21:03 ` Linus Torvalds
2005-01-13 21:25 ` Alan Cox
2005-01-13 22:47 ` Linus Torvalds
2005-01-13 23:15 ` Chris Wright
2005-01-14 18:34 ` Theodore Ts'o
2005-01-14 19:15 ` Linus Torvalds
2005-01-14 22:13 ` Theodore Ts'o
2005-01-14 22:51 ` Linus Torvalds
2005-01-15 0:34 ` Alan Cox
2005-01-15 4:19 ` Linus Torvalds
2005-01-15 5:36 ` Rik van Riel
2005-01-18 22:27 ` Bill Davidsen
2005-01-19 2:34 ` Alban Browaeys
2005-01-19 19:13 ` Bill Davidsen
2005-01-13 20:32 ` Marek Habersack
2005-01-12 20:27 ` Chris Wright
2005-01-12 20:57 ` Greg KH
2005-01-13 15:36 ` Alan Cox
2005-01-12 21:20 ` Andrea Arcangeli
2005-01-12 20:28 ` Linus Torvalds
2005-01-12 18:03 ` Marcelo Tosatti
2005-01-13 3:18 ` Christian
2005-01-12 20:53 ` Dave Jones
2005-01-12 20:59 ` Greg KH
2005-01-13 2:09 ` Linus Torvalds
2005-01-13 2:28 ` Andrew Morton
2005-01-13 2:51 ` Linus Torvalds
2005-01-13 3:05 ` David Blomberg
2005-01-13 2:56 ` Greg KH
2005-01-13 3:01 ` Chris Wright
2005-01-13 3:35 ` Dave Jones
2005-01-13 3:42 ` Andrew Morton
2005-01-13 3:54 ` Chris Wright
2005-01-13 4:49 ` William Lee Irwin III
2005-01-13 6:54 ` Andrew Morton
2005-01-13 7:19 ` William Lee Irwin III
2005-01-13 7:25 ` Matt Mackall
2005-01-13 4:48 ` Linus Torvalds
2005-01-13 5:51 ` Barry K. Nathan
2005-01-13 7:28 ` Matt Mackall
2005-01-13 7:42 ` Willy Tarreau
2005-01-13 8:02 ` David Lang
2005-01-13 10:05 ` Willy Tarreau
2005-01-13 8:23 ` Christoph Hellwig
2005-01-13 16:38 ` Linus Torvalds
2005-01-13 16:12 ` Alan Cox
2005-01-13 17:33 ` Linus Torvalds
2005-01-13 17:49 ` Chris Wright
2005-01-13 18:53 ` Alan Cox
2005-01-13 18:59 ` John Richard Moser [this message]
2005-01-13 19:22 ` Norbert van Nobelen
2005-01-13 19:35 ` John Richard Moser
2005-01-13 19:46 ` Linus Torvalds
2005-01-13 19:57 ` John Richard Moser
2005-01-14 12:39 ` Horst von Brand
2005-01-14 15:45 ` Linus Torvalds
2005-01-14 15:52 ` Arjan van de Ven
2005-01-14 15:57 ` Stephen Smalley
2005-01-14 16:17 ` Stephen Smalley
2005-01-15 0:33 ` Alan Cox
2005-01-13 17:01 ` Arjan van de Ven
2005-01-13 17:19 ` Linus Torvalds
2005-01-13 17:45 ` Arjan van de Ven
2005-01-13 18:31 ` John Richard Moser
2005-01-19 10:30 ` Ingo Molnar
2005-01-19 17:20 ` John Richard Moser
2005-01-19 17:47 ` Ingo Molnar
2005-01-19 18:35 ` John Richard Moser
2005-01-19 18:55 ` Arjan van de Ven
2005-01-19 19:46 ` John Richard Moser
2005-01-19 19:53 ` Arjan van de Ven
2005-01-20 8:46 ` [Lists-linux-kernel-news] " Ingo Molnar
2005-01-20 8:35 ` Ingo Molnar
2005-01-20 10:44 ` Ingo Molnar
2005-01-20 18:16 ` John Richard Moser
2005-01-20 18:53 ` Valdis.Kletnieks
2005-01-20 18:55 ` Arjan van de Ven
2005-01-20 19:17 ` John Richard Moser
2005-01-20 19:22 ` Christoph Hellwig
2005-01-20 21:24 ` John Richard Moser
2005-01-19 17:52 ` Arjan van de Ven
2005-01-19 18:50 ` John Richard Moser
2005-01-19 19:47 ` Valdis.Kletnieks
2005-01-19 19:53 ` Arjan van de Ven
2005-01-19 20:44 ` Valdis.Kletnieks
2005-01-19 20:12 ` John Richard Moser
2005-01-19 20:42 ` Valdis.Kletnieks
2005-01-19 21:03 ` John Richard Moser
2005-01-19 22:02 ` Splitting up grsecurity and PAX (was " Valdis.Kletnieks
2005-01-19 20:47 ` Diego Calleja
2005-01-25 15:05 ` Bill Davidsen
2005-01-25 15:52 ` Linus Torvalds
2005-01-25 17:27 ` Bill Davidsen
2005-01-25 18:01 ` John Richard Moser
2005-01-25 18:30 ` Linus Torvalds
2005-01-25 18:37 ` John Richard Moser
2005-01-25 18:57 ` Dmitry Torokhov
2005-01-25 19:56 ` John Richard Moser
2005-01-25 20:25 ` J. Bruce Fields
2005-01-25 20:29 ` John Richard Moser
2005-01-25 20:46 ` J. Bruce Fields
2005-01-25 20:53 ` Valdis.Kletnieks
2005-01-25 20:59 ` John Richard Moser
2005-01-25 21:05 ` linux-os
2005-01-25 21:20 ` John Richard Moser
2005-01-26 15:15 ` Jesse Pollard
2005-01-26 16:09 ` Linus Torvalds
2005-01-26 19:15 ` Olaf Hering
2005-01-26 19:28 ` Linus Torvalds
2005-01-26 19:38 ` Olaf Hering
2005-01-26 19:53 ` Linus Torvalds
2005-01-30 15:39 ` Alan Cox
2005-01-26 19:24 ` John Richard Moser
2005-01-26 19:56 ` Bill Davidsen
2005-01-27 16:37 ` Jesse Pollard
2005-01-27 17:18 ` Zan Lynx
2005-01-27 22:18 ` Jesse Pollard
2005-01-27 23:20 ` Bill Davidsen
2005-01-27 23:36 ` John Richard Moser
2005-01-28 0:23 ` linux-os
2005-01-28 0:15 ` Krzysztof Halasa
2005-01-26 0:01 ` Bill Davidsen
2005-01-26 0:40 ` John Richard Moser
2005-01-25 19:05 ` Linus Torvalds
2005-01-25 20:03 ` John Richard Moser
2005-01-25 21:17 ` Al Viro
2005-01-26 16:06 ` Sytse Wielinga
2005-01-26 19:31 ` John Richard Moser
2005-01-26 19:50 ` Valdis.Kletnieks
2005-01-26 20:02 ` John Richard Moser
2005-01-26 20:26 ` Sytse Wielinga
2005-01-26 20:39 ` John Richard Moser
2005-01-26 20:49 ` Sytse Wielinga
2005-01-25 18:08 ` Linus Torvalds
2005-01-14 21:57 ` Russell King
2005-01-19 12:56 ` Pavel Machek
2005-01-19 20:02 ` Bill Davidsen
2005-01-13 4:49 ` William Lee Irwin III
2005-01-13 5:19 ` Dave Jones
2005-01-13 15:36 ` Alan Cox
2005-01-13 3:25 ` Dave Jones
2005-01-13 3:53 ` Marek Habersack
2005-01-13 5:38 ` Barry K. Nathan
2005-01-13 8:59 ` Florian Weimer
2005-01-13 15:31 ` Barry K. Nathan
2005-01-13 15:36 ` Alan Cox
2005-01-13 19:25 ` thoughts on kernel security issuesiig Marek Habersack
2005-01-13 15:36 ` thoughts on kernel security issues Alan Cox
2005-01-13 19:25 ` Christoph Hellwig
2005-01-13 19:33 ` Dave Jones
2005-01-13 19:35 ` Christoph Hellwig
2005-01-13 18:55 ` Alan Cox
2005-01-13 19:59 ` Dave Jones
2005-01-13 19:36 ` Marek Habersack
2005-01-13 8:23 ` Florian Weimer
2005-01-13 16:00 ` Kristofer T. Karas
2005-01-13 3:37 ` Rik van Riel
2005-01-12 19:18 ` Greg KH
2005-01-12 19:38 ` Chris Wright
2005-01-12 19:41 ` Florian Weimer
2005-01-12 23:10 ` Chris Wright
2005-01-12 19:43 ` Florian Weimer
2005-01-12 22:46 ` Chris Wright
-- strict thread matches above, loose matches on Subject: below --
2005-01-12 20:49 Hubert Tonneau
2005-01-13 17:29 ` Chris Wright
2005-02-27 12:38 linux
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41E6C507.5050302@comcast.net \
--to=nigelenki@comcast.net \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=chrisw@osdl.org \
--cc=davej@redhat.com \
--cc=greg@kroah.com \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcelo.tosatti@cyclades.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.