From: ebiederm@xmission.com (Eric W. Biederman)
To: Jamie Lokier <lk@tantalophile.demon.co.uk>
Cc: Larry McVoy <lm@bitmover.com>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: lan based kgdb
Date: 17 Nov 2002 13:31:57 -0700
Message-ID: <m1wunc2b0i.fsf@frodo.biederman.org>
In-Reply-To: <20021117201026.GB1851@bjl1.asuk.net>

Jamie Lokier <lk@tantalophile.demon.co.uk> writes:

> Eric W. Biederman wrote:
> > As long as the network console/debug interface includes a basic
> > check to verify that the packets it accepts are from the local network.
> > And its outgoing packets have a ttl of one. I don't have a problem.
>
> Is there a working network console? It would be _great_ to have a
> network console to my _remote_ server, far far away on the internet.

There are bits and pieces, and a lan based kgdb is basically the same
problem security wise. When you allow any kind of control the security
cannot be in the console protocol. Therefore it can only be used on
a trusted lan and only talk to local addresses. At the same time
if you have two remote machines on that trusted lan you can use one
to control the other. Knowing that a root exploit on one likely
becomes a root exploit on both.

And whether or not we have one at the moment, it is an active area of
research. We just need to get a usable security model. And I think
enforcing that the console be on a secure lan where every connected
machine is trusted is a good first draft, at the latter.

So I do not think this is the kind of thing that will help if you
only have one _remote_ server, far far away on the internet, but when
you start getting a collection of them it may help.

Eric
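
The two checks proposed in the message above (accept only packets whose source is on the local network, send with a TTL of one), sketched in userspace C. This is an added example, not code from the thread or from any kgdb or network console patch; the function names and the sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Accept only sources inside the interface's own subnet (network byte order).
 * The source address is read from the packet header, so this is a filter,
 * not authentication. */
int src_is_on_link(uint32_t src, uint32_t if_addr, uint32_t netmask)
{
    if (netmask == 0) /* an unset mask would match every address */
        return 0;
    return (src & netmask) == (if_addr & netmask);
}

/* Dotted-quad wrapper: 1 = on link, 0 = off link, -1 = unparsable input. */
int src_is_on_link_str(const char *src, const char *if_addr, const char *mask)
{
    struct in_addr s, a, m;
    if (inet_pton(AF_INET, src, &s) != 1 || inet_pton(AF_INET, if_addr, &a) != 1 ||
        inet_pton(AF_INET, mask, &m) != 1)
        return -1;
    return src_is_on_link(s.s_addr, a.s_addr, m.s_addr);
}

/* UDP socket whose outgoing packets carry TTL 1, so the first router drops them. */
int open_ttl1_udp_socket(void)
{
    int ttl = 1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Constructed sample addresses from the documentation ranges. */
    printf("192.0.2.77  -> %d\n", src_is_on_link_str("192.0.2.77", "192.0.2.10", "255.255.255.0"));
    printf("203.0.113.5 -> %d\n", src_is_on_link_str("203.0.113.5", "192.0.2.10", "255.255.255.0"));
    int fd = open_ttl1_udp_socket();
    if (fd >= 0)
        close(fd);
    return 0;
}
```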