xfs
[Top] [All Lists]

Re: immutable etc.

To: Andi Kleen <ak@xxxxxxx>
Subject: Re: immutable etc.
From: Christoph Hellwig <hch@xxxxxxxxxx>
Date: Thu, 7 Dec 2000 19:51:43 +0100
Cc: Christoph Hellwig <hch@xxxxxxxxxx>, Timothy Shimmin <tes@xxxxxxxxxxxxxxxxxxxxxxx>, graichen@xxxxxxxxxxxxx, linux-xfs@xxxxxxxxxxx
In-reply-to: <20001207194210.A32293@xxxxxxxxxxxxxxxxxxx>; from ak@xxxxxxx on Thu, Dec 07, 2000 at 07:42:10PM +0100
References: <news2mail-90gun7$srf$2@xxxxxxxxxxxxxxxxxxxxxx> <200012070625.RAA34103@xxxxxxxxxxxxxxxxxxxxxxx> <20001207093517.A5515@xxxxxxxxxx> <20001207163711.A27514@xxxxxxxxxxxxxxxxxxx> <20001207191234.A30275@xxxxxxxxxx> <20001207191927.A31785@xxxxxxxxxxx <20001207193229.A32292@xxxxxxxxxx> <20001207194210.A32293@xxxxxxxxxxxxxxxxxxx>
Sender: owner-linux-xfs@xxxxxxxxxxx
On Thu, Dec 07, 2000 at 07:42:10PM +0100, Andi Kleen wrote:
> On Thu, Dec 07, 2000 at 07:32:29PM +0100, Christoph Hellwig wrote:
> > On Thu, Dec 07, 2000 at 07:19:27PM +0100, Andi Kleen wrote:
> > > On Thu, Dec 07, 2000 at 07:12:34PM +0100, Christoph Hellwig wrote:
> > > >   a) it's at least harder for the attacker
> > > >   b) for a even more secure system you will just disable that too
> > > > 
> > > > > (e.g. working IMMUTABLE normally implies non working x server).

         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> > > > 
> > > > No.
> > > 
> > > It does.  I recently did a study for the changes required for a secure
> > > (how to plug all holes that could be used to change kernel memory in a
> > > controlled environment), and the X server was one of the most prominent 
> > > (unless you go to unaccelerated X, which is not acceptable)  
> > > There were lots of others too. 
> > 
> > Yes.  But IMMUTABLE doesn't even work on device files (yet).
> > X will get offended once you will disable it's access to kernel memory, but
> > IMMUTABLE is currently not usable to do so.
> 
> I was not talking about immutable on device files, just on ways how 
> "unbreakable for root" security features like immutable could be circumvented.
> When an attacker gets access to DMA hardware or to kernel memory she wins,
> because she can modify your immutable files.

Your above statement looks different, but if that is your intention, your are 
right.

        Christoph

-- 
Of course it doesn't work. We've performed a software upgrade.

<Prev in Thread] Current Thread [Next in Thread>