Hi Rajat,

On Wed, Oct 27, 2010 at 9:54 AM, Rajat Sharma <fs.rajat@xxxxxxxxx> wrote:
> Guys, I am not trying to say that fixing these things will make the system
> not vulnerable to security attacks. Think about a vulnerability of a poorly
> implemented application which runs with root privilege and services
> requests for a non-root user; it could be a system service. If, for some known
> vulnerability, like buffer overruns, you could corrupt its stack to make it
> jump to code which can access these device files and play with them or get
> important data, you could still do it even without being logged in with
> root access.
>
> You can say that this hacked process could insert a rootkit inside the
> kernel, agreed, but that is at least making work harder for attackers, and
> of course a rootkit is not going to be simpler than accessing /dev/mem or
> /dev/sda1.
>
> In any case, no one can claim it's not a security hole, it definitely is, but
> only restricted to privileged processes. Any of the vulnerable processes can
> make life easy for hackers. Also, no one can build a 100% secure system.

Well then loading modules is also a security hole, because I can
trivially implement the same functionality by loading a module which
does exactly what /dev/mem does.

--
Dave Hylands
Shuswap, BC, Canada
http://www.DaveHylands.com/