From: Jan Kiszka <jan.kiszka@domain.hid>
To: Gilles Chanteperdrix <gilles.chanteperdrix@xenomai.org>
Cc: "xenomai@xenomai.org" <xenomai@xenomai.org>
Subject: Re: [Xenomai-help] Xenomai and capabilities
Date: Mon, 11 Oct 2010 18:58:50 +0200
Message-ID: <4CB3424A.5090504@domain.hid>
In-Reply-To: <4CB34031.5090505@domain.hid>

On 11.10.2010 18:49, Gilles Chanteperdrix wrote:
> Jan Kiszka wrote:
>> On 11.10.2010 18:23, Gilles Chanteperdrix wrote:
>>> Jan Kiszka wrote:
>>>> enabling the Xenomai watchdog should provide a reasonably safe & secure
>>>> environment.
>>> AFAIK, the BIG FAT warning at the bottom of this page still applies. You
>>> can make an environment with no hardware lockups, but secure, I do not
>>> think so. We do not know how Xenomai APIs could be exploited for a
>>> non-root user to become root.
>>
>> For sure, no one audited the interface for security so far. There is no
>> hole in design that comes to my mind ATM, but I would be surprised as
>> well if you couldn't develop any exploit for some bug or missing check.
>> Still, there is a huge difference between giving anyone root access and
>> confining Xenomai access this way.
> 
> I was just reacting to "reasonably secure". Experience proves that
> if you do not make any particular effort for security, then your code is
> not secure. Not even reasonably.

This is no black-or-white domain, and I wouldn't say we spend no effort
on security at all. We do have an interest in making the userspace APIs
robust, which addresses security up to a certain level as well.

What is still definitely not secure, though, is RTnet as it consequently
lacks any kind of check on user-passed addresses. But that's not
Xenomai's fault (rather mine).

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux

