Re: NFS4 authentification / fsuid

On Fri, 7 Sep 2007, J. Bruce Fields wrote:
> 
> On Fri, Sep 07, 2007 at 01:32:52AM +0200, Trond Myklebust wrote:
> > Sorry. Of course, you have to copy the entire /lib, etc. onto the tmpfs,
> > but you get the gist....
> > 
> > The point is that it is easy to subvert userspace if you have enough
> > privileges. In the above example it may not be entirely undetectable,
> > but who here is running a script on every login to check that / is
> > indeed uncompromised?
> 
> I suppose this is the motivation for things like the "secure attention
> key"?
> 
> But I'm most curious actually about to what degree the kernel itself is
> vulnerable to root (without a reboot).  Is disabling /dev/kmem and
> module-loading in theory enough?

No, not in theory, not in practice. But yeah, restricting an attacker's
ability to hack hardware (by controlling physical access) does take out a
whole class of attack vectors.

But, seriously, such discussion has the tendency to quickly get toooo
theoretical (thus losing practical significance). For example, would we
not also need to prevent the (userspace) superuser from being able to run
arbitrary executables that can modify firmware? Okay, let's say we have
a kernelspace infrastructure of verifying cryptographic signatures on
binaries before executing them ... but how practical/usable is this?
How practically/universally applicable is a system whose security derives
from keeping machines behind locked doors and protected by incorruptible,
armed guard?

Overall, I tend to be unenthusiastic about most schemes that claim to
have solved the user-kernel security problem (with no loss of usability/
practicality).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • Re: NFS4 authentification / fsuid
    • From: Trond Myklebust <[email protected]>
  • Re: NFS4 authentification / fsuid
    • From: Trond Myklebust <[email protected]>
  • Re: NFS4 authentification / fsuid
    • From: Jan Engelhardt <[email protected]>
  • Re: NFS4 authentification / fsuid
    • From: Trond Myklebust <[email protected]>
  • Re: NFS4 authentification / fsuid
    • From: "J. Bruce Fields" <[email protected]>
  • Re: NFS4 authentification / fsuid
    • From: Satyam Sharma <[email protected]>
  • Re: NFS4 authentification / fsuid
    • From: Satyam Sharma <[email protected]>
  • Re: NFS4 authentification / fsuid
    • From: "J. Bruce Fields" <[email protected]>
  • Re: NFS4 authentification / fsuid
    • From: Trond Myklebust <[email protected]>
  • Re: NFS4 authentification / fsuid
    • From: Trond Myklebust <[email protected]>
  • Re: NFS4 authentification / fsuid
    • From: "J. Bruce Fields" <[email protected]>

• Prev by Date: Re: [patch 3/4] Linux Kernel Markers - Documentation
• Next by Date: Re: BUG? Suspend during active sound playback kills sound
• Previous by thread: Re: NFS4 authentification / fsuid
• Next by thread: Re: NFS4 authentification / fsuid
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]