On Wed, Oct 27, 2010 at 12:54 PM, Rajat Sharma <fs.rajat@xxxxxxxxx> wrote: > Guys, I am not trying to say that fixing these things will make system > not vulnerable to security attacks. Think about a vulnerability of a poorly > implemented application which runs with root privilege and servicing > requests for non root user, it could be a system service. If for some known > vulnerability, like buffer overruns, you could corrupt its stack to make it > jump to a code which can access these device files and play with them or get > important data, you could still do it even without being logged into with > root access. > You can say that this hacked process could insert a rootkit inside the > kernel, agreed, but that is atleast making work harder for attackers, and > ofcourse a rootkit is not going to be simpler than accessing /dev/mem or > /dev/sda1. > In any case, no one can claim its not security hole, it is definitely, but > only restricted to privileged processes. Any of the vulnerable process can > make life easy for hackers. Also no one can build 100% secure system. > Thanks, > Rajat > Rajat, It is my understanding SElinux has features to at least partially address your concerns. The patches were developed by the USA NSA: http://www.nsa.gov/research/selinux/ I think the SElinux extensions are in the vanilla kernel, but my knowledge ends at that point. Greg Greg -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
