Date: Fri, 24 Mar 2000 15:02:35 +0100
From: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>
To: security@FreeBSD.ORG
Subject: Re: New article
Message-ID: <4.1.20000324144943.00a05470@mail.rz.fh-wilhelmshaven.de>
In-Reply-To: <38DB2B63.82552C96@newsguy.com>
References: <200003231326.IAA24776@blackhelicopters.org> <38DA7A60.B7C23121@newsguy.com> <38DA950C.D4DCE9CC@softweyr.com> <4.1.20000324022914.00cbed30@mail.rz.fh-wilhelmshaven.de>

<snip>
>> I mean, if some module (which runs on a deeper, privileged mode) has some
>> malicious code in it, or simply is buggy, and is loaded during runtime, it
>> could cause a box to simply crash.
>
>What's the difference between a buggy module loaded at runtime, and one
>compiled in the kernel?

If you do it yourself - nothing. If someone other is doing/causing this, there is some annoyance.

>
>As for malicious code... what are you doing loading such a module??? :-)
>
>> Imagine some attacker exchanging some kernel module against own code, and
>> causing that module to be loaded (say, some driver for access to certain
>> filesystems, or zip drive etc...), or waiting for the module to be loaded
>> (say, for regular, scheduled activities like backups or batch jobs or so)
>
>So??? If the hacker compromised root, he can just replace the whole
>kernel if he wants. *IF ROOT WAS COMPROMISED, THE GAME IS OVER ALREADY*.
>Really. No, I mean it. There is no such thing as "making things easier"
>once root was compromised. You lost, and any attempt to "make things
>difficult" is an exercise in self-delusion.

Fully agreed. If an attacker has gained root, then it's game over.

My point was aimed at the possibility that (most probably in misconfigured systems) an attacker could exchange existing kernel modules against malicious ones, given the case that writing/changing rights to that directory are not banned for everyone except root.

I also had in mind that there is no 100% security, and that there always are bugs, some daemons with some superior access rights, and perhaps some users except root that at least have some access under certain circumstances, i.e. backup operators. (OK, that's more likely for NT, I know.)

I also know that most security holes come from human failure or foolishness.

I wanted to point out that there is/could be some very _remote_ possibility that such a mechanism could be used, if someone is creative enough, and the system unsecure enough.

Problem is that you do not intend in all cases to crash the server. This can be done with other, easier methods.

<paranoia>
Imagine some code that spies out your data, and transmits copies over the net? Device drivers (say, for SCSI/tape drives etc.) are perfect for that. The driver has to sniff for some code snippets, and transfer that chunk of data to some remote location...
</paranoia>

Yes, I know that this would be a theoretical, constructed example that you could neglect in today's scenery. But what about in some years?

Let's move that to -security, if further discussion is desired.

Regards
Olaf Hoyer

--------
Olaf Hoyer www.nightfire.de mailto:Olaf.Hoyer@nightfire.de
FreeBSD- Turning PC's into workstations
ICQ:22838075

Love and hate are not blind, but blinded by the fire that they carry within themselves. (Nietzsche)
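
As an added example (not part of the original message and not FreeBSD code), here is a Python audit for the misconfiguration discussed above: kernel module files or directories that someone other than root can write. The function names, the `trusted_uid` parameter and the command-line interface are assumptions made for this example; the module directory is passed as an argument.

```python
import os
import stat
import sys


def reasons(path, trusted_uid):
    """Why an account other than trusted_uid could modify or replace path."""
    st = os.lstat(path)
    found = []
    if st.st_uid != trusted_uid:
        found.append("owned by uid %d" % st.st_uid)
    if not stat.S_ISLNK(st.st_mode):  # a symlink's own mode bits are not enforced
        if st.st_mode & stat.S_IWGRP:
            found.append("group-writable")
        if st.st_mode & stat.S_IWOTH:
            found.append("world-writable")
    return found


def audit_module_dir(module_dir, trusted_uid=0):
    """Return {path: [reasons]} for every risky entry in the module tree."""
    top = os.path.realpath(module_dir)
    paths = [top]
    for root, dirs, files in os.walk(top):
        # Directories matter as much as files: write access to a directory
        # is enough to rename a read-only module away and drop in another.
        paths += [os.path.join(root, name) for name in sorted(dirs + files)]
    findings = {}
    for path in paths:
        why = reasons(path, trusted_uid)
        if why:
            findings[path] = why
    return findings


if __name__ == "__main__":
    # The module directory is site-specific, so it is passed as an argument.
    results = {}
    for arg in sys.argv[1:]:
        results.update(audit_module_dir(arg))
    for path, why in sorted(results.items()):
        print("%s: %s" % (path, ", ".join(why)))
    sys.exit(1 if results else 0)
```

The script exits non-zero when it finds anything, so it can run from a periodic job and alert on a change.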