lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <8dc680a1-4a03-462d-b381-bf5c1470aa7e@googlegroups.com>
Date:	Sat, 23 Jun 2012 12:26:41 -0700 (PDT)
From:	iseletsk@...udlinux.com
To:	fa.linux.kernel@...glegroups.com
Cc:	Alex Lyashkov <umka@...udlinux.com>,
	Matthew Garrett <mjg59@...f.ucam.org>,
	linux-kernel@...r.kernel.org, rusty@...tcorp.com.au
Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Friday, June 22, 2012 3:43:23 PM UTC-4, Greg KH wrote:
> On Fri, Jun 22, 2012 at 12:22:22PM -0700, Greg KH wrote:
> > On Fri, Jun 22, 2012 at 07:51:42PM +0100, Matthew Garrett wrote:
> > > On Fri, Jun 22, 2012 at 11:43:59AM -0700, Greg KH wrote:
> > > 
> > > > Do you have a pointer to this code anywhere?  Lying about the license to
> > > > the kernel is a pretty blatent thing to do and I'd like to have some
> > > > people follow up on that issue.
> > > 
> > > http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/x86_64/RPMS/kmod-lve-2.6.18-408.el5.lve1.1.64.2-1.1-10.7.3.el5.x86_64.rpm 
> > > - there's no corresponding SRPM in 
> > > http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/SRPMS/ and 
> > > upstream apparently refuse to provide source. Alex Lyashkov (Cc:ed) is 
> > > listed as module author in the metadata.
> > 
> > Hm, and at least one reason it needs to be GPL is due to it using
> > symbols I created, no fun.
> > 
> > Alex, can you please provide the source code for this module?  Or is the
> > license that the code is saying it is, somehow incorrect?  If so, can
> > you please fix it?  If you can't do this, is there someone else I should
> > be contacting?
> 
> Also, I almost hate to ask this, but why in the world are you creating
> sysfs binary files?  I really don't think you should be doing this, as
> those are only for firmware and other "pass-through" things the kernel
> uses to have userspace talk directly to hardware.
> 
> Odds are you can remove these files, and use the "correct" user/kernel
> interface which will result in much better speed and handle things
> properly for you, instead of abusing this interface.
> 
> Unless you really are talking directly to hardware, in which case, I'm
> kind of interested to see what you are doing here, so the source code
> would be greatly appreciated.
> 
> thanks,
> 
> greg k-h
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

Greg,

We do a "hack", which is not a pretty one, populating /sys with .htaccess files. This is really needed only by shared hosters, where one of the end users on the server, could be a hacker and could create symlinks that would later be followed by apache to read privileged information.
A better fix would be fixing the apache. Yet, surprisingly enough -- we control kernel on those servers -- but we don't control apache. So -- we tried to secure things for our customers in this particular way. Most likely we will through it out anyway.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ