lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031022080934.GA1957@adamantix.org>
From: peter at adamantix.org (Peter Busser)
Subject: Linux (in)security (Was: Re: Re: No Subject)

Hi!

> That brings up a good point. If this issue is not exploitable on *BSD
> but on Linux due to a different implementation of memory handling,
> doesn't that mean that Linux is generally less secure than *BSD just for
> that reason? And if so, why haven't the Linux memory handling routines
> been fixed/strengthened?

Because Linux people in general seem to be more concerned about speed and
features than about security. For example, the only reason Linux Security
Modules (LSM) have been included in the kernel, is that they don't have a
performance impact on users who do not load any security modules. People have
objected to some of the proposed LSM networking hooks, because they could
impact performance. From a performance point of view, this provides a nice way
to have more security without sacrificing performance. From a security point of
view, the result is not exactly what you would hope for.

Obviously this affects programs that use the LSM interface. Either you limit
the security functionality to what the LSM interface provides, or you forget
about the LSM interface. People who maintain Linux security patches complain
about it. Amon Ott, who wrote RSBAC, ported it to LSM. But he is thinking about
reverting to his self-made hooks like he has done so far. The drawbacks of
maintaining and applying your own hooks to the kernel more or less outweighs
the drawbacks of the LSM interface. And Amon is not the only security patch
maintainer to come to this conclusion. I think that is saying something about
LSM.

In general people seem to believe that Linux is either secure or can be made
secure by removing packages and unused services. This believe that Linus is
already secure makes people uninterested in security. Why improve something
that is already sufficient? Besides that, it is more rewarding to write a new
window manager providing more and faster flashy eye candy than to fix potential
memory allocation problems that noone ever notices. Well, until it becomes a
problem that is.

Contrary to common believe, keeping up to date with the latest security patches
is not sufficient:
http://groups.google.com/groups?selm=20030525190037%2470c6%40gated-at.bofh.it
If you think this is purely a Debian related problem, think again. Most
software found in a Linux distribution can be found in every other Linux
distribution and on *BSD too for that matter. People have argued against
the effectiveness of patches like PaX ever since Linus pointed out that they do
not provide protection against return to function attacks. This is probably
one of the reasons that their adoption in Linux distributions has been next to
zero.

Stuff like RSBAC, gr-security and LIDS are nice. But one kernel bug and they
are useless. Examples like the Linux ptrace() bug and the OpenBSD kernel bug
where root could circumvent securelevel are examples. Kernels tend to become
bigger and more complex, so the possibility for security related bugs will
likely grow.

People apparently do not realise that a wooden house is not sufficient to
protect against the big bad wolf. And there is currently no brick house to flee
to when the wolf comes...

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ