[Gllug] just preaching to the converted !

Tethys sta296 at astradyne.co.uk
Sat Oct 22 22:20:26 UTC 2005


Nix writes:

>(Of course, such secure OSes are horrible to actually *use*. Security
>and usability may not normally be enemies, but they certainly are when
>you get to the stage of forbidding repaints of one window when you drag
>another over it lest you use those repainting messages as a covert
>channel... I think it was Trusted Solaris 2.5.1 which came up with
>*that* little gem.)

Preventing sideband attacks like that is *incredibly* difficult. I
remember one case (and sadly Google isn't bringing me up a reference)
where someone wrote a proof of concept exploit for a MAC system. The
basic premise of MAC is that a process at one security level can pass
no information to a process running at a lower security level. I can't
remember the precise details, but someone wrote a bit of code that
either executed certain opcodes in a given order, or did
something else funny (interrupt timings, maybe?). That in turn
had a measurable effect (CPU temperature? something else?), which
could be detected by a process at a lower privilege level. That was
then used to transmit information from one level to the other using
Morse code. *Very* clever, and very hard to protect against.

>Linux could have that problem today if popular apps on Linux had been
>written by blithering short-termist fools with no understanding of
>security --- except that it's unlikely that entire systems could be
>compromised so easily, because we've already *got* a decent set of
>default permissions, so not even the most idiotically written app
>expects to be able to write to /usr/lib or /etc. MS is held back by apps
>that *do* expect exactly that...

See, we already *do* have apps like that under Linux. I bought one of the
LGP games IIRC, and it needed to be installed setuid root so that it could
write to /etc and /usr/bin (in a laughably trivial-to-crack anti-piracy
measure). Not only is this braindead, but it ensured I couldn't install
it -- it needed to go on an NFS filesystem, and I'm not about to avoid
root squashing just to get a game working...

Fortunately, such stupid apps are rare, but they exist under Linux just
as they do under Windows.

Tet
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



