lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120922152139.GA26808@srcf.ucam.org>
Date:	Sat, 22 Sep 2012 16:21:39 +0100
From:	Matthew Garrett <mjg59@...f.ucam.org>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org
Subject: Re: [RFC] Second attempt at kernel secure boot support

On Fri, Sep 21, 2012 at 03:55:28PM -0700, Eric W. Biederman wrote:

> 1) I don't see anything disabling kdb or kgdb.  If ever there
>    was a way to poke into the kernel and change things...

Is there any way to access them without having physical console access 
(either the system console or a serial console)? Physically-present 
attacks are kind of out of scope here.

> 2) You almost certainly want to disable module removal.  It is all to
>    easy to have races where that are not properly handled in the module
>    removal path.  I know I saw a bundle of those in debugfs the other
>    day.

I'm pretty reluctant to work around bugs like this. Disabling features 
certainly reduces the attack surface, but the aim is to only disable 
features that *by design* permit the modification of the kernel. Where 
it's possible to do so by exploiting bugs, we should be fixing the bugs.

> 3) And half seriously you probably want to disable mounting of
>    filesystems.  I believe I have heard it said the kernel has not been
>    vetted against a hostile root user mounting deliberately corrupted
>    filesystem images.

See (2). Not that you need to be root to trigger filesystem mounts, so 
this is also a user->kernel exploit. Those should be fixed.

-- 
Matthew Garrett | mjg59@...f.ucam.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ