Re: Is Fedora, or Linux in general, vulnerable to a "paging exploit" like Vista appears to be?

Douglas Phillipson wrote:
> I just read a new exploit for Vista that in my mind could be plausible
> for Linux also.  It involves forcing unused device drivers in memory
> to be paged to disk by allocating gobs of memory, then a program finds
> the area on the disk where the device driver code is and replaces it
> with exploited code.  When the driver gets paged back into Kernel
> memory you now have full access to the machine.  Could this happen to
> Linux? Can a non-root or even a root-owned process access the swap
> space?  Swap is a file on Windows which probably makes it easier than
> Linux.  Swap on Linux typically is an unformatted file system, but can
> be a file in the file system if desired. As I understand the exploit,
> Microsoft has implemented a policy with Vista that only drivers
> "Signed" by Microsoft can be installed on Vista.  This "Paging"
> exploit completely bypasses this requirement, easily.

It's unlikely -- for one thing, I understand that kernel device drivers
in Linux don't get paged to disk.

Normally, swap devices (and other ways of accessing memory and devices
directly) should be secured by appropriate permissions. It's possible,
of course, that a Linux system administrator could relax the permissions
on a swap device. That would be deliberately letting users in, rather
than an exploit.

But the only way to write to a swap partition on a normal Linux install
is to be root -- and if you're root, you basically "own" the machine
anyway.

There is an equivalent to Microsoft's feature in the Fedora world
(http://lwn.net/Articles/92617/) -- it's possible to compile kernels
that will only load modules signed with a cryptographic key, specified
at compile time. Unlike the Microsoft equivalent, this means that the
*owner* of the machine gets to specify which modules are acceptable.

But even in that case, it is understood that you have to turn off any
other ways of writing to kernel memory.

Hope this helps,

James.

-- 
E-mail:     james@ | Has anybody ever considered that rats may just be the
aprilcottage.co.uk | most hypochondriac mammal on earth?
                   |     -- Geoff Lane

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
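
The permission check on swap areas mentioned in the reply above, as an added example that is not part of the original message: a shell function that reads a `/proc/swaps`-format table and flags any swap area that is not owned by root, or that is accessible beyond its owner (swap files) or by all users (block devices). The function name `audit_swaps`, its output format and the thresholds are assumptions of this example; it needs GNU `stat`.

```shell
#!/bin/sh
# Added example: audit ownership and mode of every active swap area.
# Usage: audit_swaps [swaps_table] [expected_owner_uid]
# Defaults: /proc/swaps and uid 0 (root). Returns non-zero if anything is weak.
audit_swaps() {
    table=${1:-/proc/swaps}
    want_uid=${2:-0}
    weak=0
    # The first field of each row is the swap device or swap file path.
    while read -r path _rest; do
        # Skip the header row and blank lines.
        if [ -z "$path" ] || [ "$path" = "Filename" ]; then continue; fi
        if [ ! -e "$path" ]; then
            echo "SKIP $path (not found)"
            continue
        fi
        mode=$(stat -L -c '%a' "$path")   # octal permission bits
        uid=$(stat -L -c '%u' "$path")    # numeric owner
        if [ -b "$path" ]; then
            # Block devices: group access (root:disk 0660) is a common
            # default, so only world access is flagged here.
            mask=7
        else
            # Swap files: flag anything beyond owner-only access (0600).
            mask=63   # octal 077
        fi
        if [ "$uid" != "$want_uid" ] || [ $(( 0$mode & $mask )) -ne 0 ]; then
            echo "WEAK $path mode=$mode uid=$uid"
            weak=1
        else
            echo "OK $path mode=$mode uid=$uid"
        fi
    done < "$table"
    [ "$weak" -eq 0 ]
}
```

Run `audit_swaps` with no arguments on a live system to check the swap areas currently in use.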