Re: Is Fedora, or Linux in general, vulnerable to a "paging exploit" like Vista appears to be?

On Thu, Oct 19, 2006 at 12:33:28PM -0700, Douglas Phillipson wrote:

 > Can a non-root or even a root-owned process access the swap space?

non-root: no. (unless the user is a member of group 'disk' -- which by
          default, no user should be)
root: yes, but at that point, you've lost anyway, and there are far
more fun things to do than scribble on swap space.

I'm not 100% certain, but SELinux may also add an additional restriction
to who can touch raw disks. You may need policy adjustments if you're
running in enforcing mode.  It's certainly doable, I'm just not sure
if our current policy enforces this.

 > file on Windows which probably makes it easier than Linux.  Swap on
 > Linux typically is an unformatted file system, but can be a file in the
 > file system if desired.

That file won't be writable by anyone other than root.

The key phrase in that PDF is this..

"Vista allows usermode app to get raw access to disk"

                   G A M E  O V E R .

This is pretty damned amazing that they haven't considered this a
fundamental security problem, as it bypasses any form of access controls
that are placed on files, allowing for all sorts of fun even without
owning the box as described in this paper.

 > As I understand the exploit, Microsoft has 
 > implemented a policy with Vista that only drivers "Signed" by Microsoft 
 > can be installed on Vista.  This "Paging" exploit completely bypasses 
 > this requirement, easily.

The whole notion of pageable device drivers is utter lunacy to begin with.
Combined with the above brain damage, it's trivially exploitable, and
unless they fix this before GA, I wouldn't be surprised if a whole slew
of malware starts abusing this.

	Dave

-- 
http://www.codemonkey.org.uk

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
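
The access rules described in the message above (swap reachable only by root or by members of group 'disk') can be checked on a given system. The following is an added example, not part of the original post: the function names and the sample /proc/swaps text are constructed for illustration.

```python
import grp
import os
import stat

# Constructed sample in /proc/swaps format (not taken from the original post).
SAMPLE_SWAPS = """Filename\t\t\t\tType\t\tSize\tUsed\tPriority
/dev/sda2                               partition\t2096472\t0\t-1
/swapfile                               file\t\t1048572\t0\t-2
"""

def parse_swaps(text):
    """Return [(path, type)] from /proc/swaps content, skipping the header."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 2:
            # The kernel writes spaces in paths as the escape \040.
            entries.append((fields[0].replace("\\040", " "), fields[1]))
    return entries

def audit_mode(path, mode, uid, gid, disk_gid):
    """Return findings for one swap target, given its permission bits and owner."""
    findings = []
    if uid != 0:
        findings.append(f"{path}: owned by uid {uid}, expected root")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append(f"{path}: readable or writable by other users")
    if mode & (stat.S_IRGRP | stat.S_IWGRP) and gid not in (0, disk_gid):
        findings.append(f"{path}: group access granted to gid {gid}")
    return findings

def audit_system(swaps_path="/proc/swaps"):
    """Audit the live system: 'disk' group membership and swap permissions."""
    try:
        disk = grp.getgrnam("disk")
        disk_gid, members = disk.gr_gid, disk.gr_mem
    except KeyError:
        disk_gid, members = -1, []
    # gr_mem lists supplementary members only, not users whose primary group is disk.
    findings = [f"group disk has member {m}" for m in members]
    with open(swaps_path) as f:
        for path, _type in parse_swaps(f.read()):
            st = os.stat(path)
            findings += audit_mode(path, stat.S_IMODE(st.st_mode),
                                   st.st_uid, st.st_gid, disk_gid)
    return findings

if __name__ == "__main__":
    print("\n".join(audit_system()) or "no findings")
```

An empty result means every active swap target is root-owned, closed to other users, and the 'disk' group has no listed members.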