Re: Security issues with abstract namespace sockets

On Wed, 2011-01-05 at 16:35 +0100, Lennart Poettering wrote:
> On Wed, 05.01.11 09:39, Matt McCutchen (matt@xxxxxxxxxxxxxxxxx) wrote:
> 
> > > That's precisely what I want to tell people: don't use the abstract
> > > socket namespace, unless you really know what you do. The only cases
> > > where it really makes sense to use it is if you have a privileged
> > > service that is started before any user code and never goes away and
> > > hence is not vulnerable to these problems.
> > 
> > But as I said, it's impossible to guarantee that the service never goes
> > away.  It could crash or get OOM-killed (or terminate before all
> > potential clients have terminated during system shutdown: is that
> > possible?), and then you have a security hole.  So I would recommend
> > filesystem sockets for everything.
> 
> Well, if PID 1 terminates the kernel halts the system.

Valid point.

> And udev fiddles with its OOM score to avoid being killed.

There could still be a bug that causes udev to crash.  As a general
principle, systems should fail secure.

> And if the dbus system bus
> goes away the system becomes kinda unusable too.

Whether system features break for legitimate users is beside the point.
As long as user applications are still running, they may connect to the
system bus and be tricked into doing something harmful by an attacker
who impersonates it.

-- 
Matt

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
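
A client-side check against the impersonation risk discussed in this message, as an added example that is not part of the original thread: on Linux, a client of an AF_UNIX stream socket can read the listener's credentials with SO_PEERCRED and refuse to proceed unless the uid is the one the real service runs as. The socket name, the function names and the in-process stand-in listener are constructed for illustration.

```python
import os
import socket
import struct

def peer_credentials(sock):
    """Return (pid, uid, gid) of the process at the other end (Linux SO_PEERCRED)."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    return struct.unpack("3i", raw)

def connect_verified(address, allowed_uids):
    """Connect to an AF_UNIX stream socket, but keep the connection only if the
    listener's uid is in allowed_uids. A leading NUL byte in `address` selects
    the abstract namespace, where the name itself carries no ownership."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock.connect(address)
        _pid, uid, _gid = peer_credentials(sock)
        if uid not in allowed_uids:
            raise PermissionError(
                f"listener runs as uid {uid}, expected one of {sorted(allowed_uids)}")
        return sock
    except BaseException:
        sock.close()
        raise

def demo():
    """Constructed scenario: this process stands in for whoever currently holds
    the abstract name; the client accepts or rejects it by uid."""
    me = os.getuid()
    name = b"\0example-service-" + os.urandom(8).hex().encode()  # constructed name
    results = {}
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listener:
        listener.bind(name)
        listener.listen(8)
        # Listener uid matches what the client expects: connection is kept.
        with connect_verified(name, {me}) as s:
            results["expected_uid"] = peer_credentials(s)[1] == me
        # Client expects a different uid than the one holding the name: refused.
        try:
            connect_verified(name, {me + 1}).close()
            results["other_uid"] = "accepted"
        except PermissionError:
            results["other_uid"] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```

The check only distinguishes listeners by uid, so it helps when the real service runs as a uid that an unprivileged user cannot obtain (for example root).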

