From: "Henning P. Schmiedehausen" <hps@intermeta.de>
To: linux-kernel@vger.kernel.org
Subject: Re: One for the Security Guru's
Date: Sat, 26 Oct 2002 10:43:29 +0000 (UTC) [thread overview]
Message-ID: <apdrkh$h8n$1@forge.intermeta.de> (raw)
In-Reply-To: apcaub$ov5$1@cesium.transmeta.com
"H. Peter Anvin" <hpa@zytor.com> writes:
>Followup to: <1035539042.23977.24.camel@forge>
>By author: Henning Schmiedehausen <hps@intermeta.de>
>In newsgroup: linux.dev.kernel
>> >
>> > A. If there's a buffer overflow in the SSL Accelerator box the firewall
>> > wont do you much good (it helps, but only a little).
>>
>> This is a hardware device. Hardware as in "silicon". I very much doubt
>> that you can run "general purpose programs" on a device specifically
>> designed to do crypto. And this is _not_ just an "embedded Linux on ix86
>> with a crypto chip".
>>
>Hardware devices have bugs, too. Furthermore, most devices marketed
>as "hardware" still have programmable stuff underneath. Trust me.
Of course they have. I'm not that dumb. :-) I won't expect any piece
of silicon speak http, snmp and have configureable ip adresses without
any programming. I do had my share of Cisco router fun.... :-)
But my point is, that these beasts normally don't run a general
purpose operating system and that they're much less prone to buffer
overflow or similar attacks, simply because they don't use popular
software with known bugs (e.g. OpenSSL) or these functions (like
doing crypto) are in hardware.
If you have a processor that sets up an ASIC to do "insert https here,
use this key, remove http there", you might be able to attack the IP
stack running on the processor which gets the packets from the wire
and puts them back onto the wire. But you won't be able to trick any
bug or overflow in the crypto routines into opening a root shell on
the ASIC. :-)
Especially if there is no such thing as a /bin/sh binary on the
bugger. And even if you _do_; you still only have a shell on the
accelerator. Not on the application server.
If you ask me "how can you trust such a device if you can't look at
the source; well, I don't have to. I can tell the customer "this
device has been approved by <insert your certification authority here>
and you pay gobs of cash for simply having this certified device".
Replace "device" with "certificate" and you have the same thing as
getting your web server key certification from Verisign or Thawte.
You pay money and get a "trusted device".
Regards
Henning
--
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer
INTERMETA - Gesellschaft fuer Mehrwertdienste mbH hps@intermeta.de
Am Schwabachgrund 22 Fon.: 09131 / 50654-0 info@intermeta.de
D-91054 Buckenhof Fax.: 09131 / 50654-20
next prev parent reply other threads:[~2002-10-26 10:37 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-23 13:02 One for the Security Guru's Robert L. Harris
2002-10-23 13:13 ` John Jasen
2002-10-23 13:20 ` Keith Owens
2002-10-24 7:56 ` Greg KH
2002-10-23 13:45 ` Alan Cox
2002-10-23 13:59 ` Gilad Ben-ossef
2002-10-23 22:14 ` James Cleverdon
2002-10-23 22:17 ` James Stevenson
2002-10-23 22:39 ` James Cleverdon
2002-10-23 22:44 ` James Stevenson
2002-10-24 6:12 ` Gilad Ben-Yossef
2002-11-06 21:39 ` Florian Weimer
2002-10-23 14:57 ` Richard B. Johnson
2002-10-23 17:56 ` Gerhard Mack
2002-10-24 9:38 ` Henning P. Schmiedehausen
[not found] ` <ap8f36$8ge$1@dstl.gov.uk>
2002-10-24 10:01 ` Tony Gale
2002-10-24 16:13 ` Gerhard Mack
2002-10-24 16:39 ` Henning P. Schmiedehausen
2002-10-24 16:34 ` David Lang
2002-10-24 17:04 ` Gilad Ben-Yossef
2002-10-25 9:44 ` Henning Schmiedehausen
2002-10-25 20:52 ` H. Peter Anvin
2002-10-26 10:43 ` Henning P. Schmiedehausen [this message]
2002-10-27 10:17 ` Rogier Wolff
2002-10-28 7:47 ` Chris Wedgwood
2002-10-24 22:02 ` Danny Lepage
2002-10-25 9:40 ` Henning Schmiedehausen
2002-10-24 14:23 ` Gilad Ben-ossef
2002-10-25 4:09 ` Stephen Satchell
2002-10-25 13:47 ` Stephen Frost
2002-10-26 10:38 ` Rogier Wolff
2002-10-26 9:44 ` Rogier Wolff
2002-10-26 10:46 ` Henning P. Schmiedehausen
2002-10-23 16:23 ` Henning P. Schmiedehausen
2002-10-23 17:55 ` David Lang
2002-10-23 19:46 ` H. Peter Anvin
2002-10-23 22:15 ` James Stevenson
2002-10-24 9:47 ` Henning P. Schmiedehausen
2002-10-25 12:28 ` Daniel Egger
2002-10-25 15:22 ` Alex Riesen
2002-10-25 16:38 ` Stephen Satchell
2002-10-25 18:21 ` [OT] " J Sloan
2002-10-26 10:40 ` OT " Rogier Wolff
2002-10-24 10:11 ` Ville Herva
2002-10-24 11:09 ` Henning P. Schmiedehausen
2002-10-24 11:55 ` Alan Cox
2002-10-24 14:40 ` Henning P. Schmiedehausen
2002-10-24 15:36 ` Alan Cox
2002-10-24 16:46 ` Eric W. Biederman
2002-10-24 6:04 ` David Wagner
-- strict thread matches above, loose matches on Subject: below --
2002-10-23 21:49 Hank Leininger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='apdrkh$h8n$1@forge.intermeta.de' \
--to=hps@intermeta.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).