From: jfj <jfj@freemail.gr>
To: linux-ppp@vger.kernel.org
Subject: Re: pppd security
Date: Mon, 18 Sep 2006 20:29:34 +0000
Message-ID: <450F01AE.9060306@freemail.gr>
In-Reply-To: <450EBBCE.5030204@freemail.gr>

James Carlson wrote:
>>If so, does it sound like a feasible idea to hack the kernel to forbid
>>opening the /dev/ppp device to other processes, once pppd is working?
>
>
> It sounds plausible, but since I don't understand the trust model
> you're working with, I'm afraid I can't address the broader questions.
>
> (In particular, pppd needs a substantial amount of privilege in order
> to run the /etc/ppp/ip-{up,down} scripts properly. Given that level
> of privilege, and the trust that it necessarily implies, I think that
> if you have problems in pppd, you're already sunk, no matter how you
> try to limit the scope.)
>
The trust model is this: We suppose that malware is running.
Suppose from a buffer overflow in libPNG which achieved
privilege escalation to root. It is OK for malware to run but
it will not be able to connect to anyone. Thus the attacker
will be blind, he will never know that the malware is
working and it will operate in isolation. Therefore,
nobody will be able to *control* the host or *get* data from
it. Sure, the running malware may delete everything :)
So the host may be compromised but it will be more like the
good old viruses that were transmitted in the boot sector
and didn't have a link to their creator.
Anyway. Thanks for the tips.
jerald