Re: /dev/mem

Guys, I am not trying to say that fixing these things will make the system not vulnerable to security attacks. Think about a vulnerability in a poorly implemented application which runs with root privilege and services requests for non-root users; it could be a system service. If, through some known vulnerability like a buffer overrun, you could corrupt its stack to make it jump to code which can access these device files and play with them or get important data, you could still do it even without being logged in with root access.

You can say that this hacked process could insert a rootkit inside the kernel, agreed, but that is at least making work harder for attackers, and of course a rootkit is not going to be simpler than accessing /dev/mem or /dev/sda1.

In any case, no one can claim it's not a security hole; it definitely is, but only restricted to privileged processes. Any vulnerable process can make life easy for hackers. Also, no one can build a 100% secure system.

Thanks,
Rajat 

On Wed, Oct 27, 2010 at 9:50 PM, John Mahoney <jmahoney@xxxxxxxx> wrote:


On Wed, Oct 27, 2010 at 8:23 AM, Rajat Sharma <fs.rajat@xxxxxxxxx> wrote:
Be it for any reason, it is a security loophole. Even more dangerous is that you have access to the device file, and it's not very hard to erase blocks from disk through the device file, e.g.

dd if=/dev/zero of=/dev/sda1 bs=32k count=32k


This would only be a security hole if a regular user was able to escalate privilege and run the command.  Once you're root there are a million ways to shoot yourself in the foot.

I can do just as much file loss with rm -rf /

Also, dd if=/dev/sda1 of=backup-sda1.image is very useful to quickly backup whole partitions.

crw-r-----   1 root kmem      1,   1 2010-10-27 11:57 mem

Here are the permissions for /dev/mem on my box; I do not see the security hole.  Regular users cannot even read from /dev/mem.

--
John
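
Added example, not part of the original thread: a POSIX shell check that reads the mode, owner and group of device nodes such as the /dev/mem discussed above and reports which non-root principals can open them. It assumes GNU `stat`; the function names and verdict labels are illustrative.

```shell
#!/bin/sh
# Added example: report who besides root can open raw memory/disk nodes.
# Assumes GNU stat (-c); function names and labels are illustrative.

# classify_mode MODE OWNER GROUP -> one-line verdict
# MODE is octal as printed by `stat -c %a`, e.g. 640 for crw-r-----.
classify_mode() {
    perm=$(( 0$1 & 0777 ))      # leading 0 = octal; drop setuid/sticky bits
    other=$(( perm & 7 ))       # permission bits for everyone else
    grp=$(( (perm >> 3) & 7 ))  # permission bits for the owning group
    if [ $(( other & 2 )) -ne 0 ]; then
        echo "CRITICAL: world-writable"
    elif [ $(( other & 4 )) -ne 0 ]; then
        echo "CRITICAL: world-readable"
    elif [ "$2" != root ]; then
        echo "WARN: owned by $2"
    elif [ $(( grp & 2 )) -ne 0 ]; then
        echo "WARN: writable by group $3"
    elif [ $(( grp & 4 )) -ne 0 ]; then
        echo "OK: root-owned, readable by group $3"
    else
        echo "OK: root only"
    fi
}

# audit_nodes PATH... -> one verdict line per path
audit_nodes() {
    for node in "$@"; do
        if [ ! -e "$node" ]; then
            echo "$node: not present"
            continue
        fi
        info=$(stat -c '%a %U %G' "$node" 2>/dev/null) || {
            echo "$node: stat failed"
            continue
        }
        # $info is left unquoted on purpose: it splits into MODE OWNER GROUP
        echo "$node: $(classify_mode $info)"
    done
}

# Memory-backed nodes; add block devices (e.g. /dev/sda1) as needed.
audit_nodes /dev/mem /dev/kmem /dev/port
```

A "readable by group" verdict is only as tight as that group's membership, which `getent group kmem` lists.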

