[EMAIL PROTECTED] wrote:

> But your message made me wonder - is it practical to disable creation of
> /dev/kmem?



Sure is.

> What other practical ways have we got to avoid attacks through it?
> SE Linux? GRSecurity?



Well, the year I gave up being a security consultant was the same year that I had a frank discussion with some average hacker/cracker types over a beer. I was living in Melbourne at the time and these lads all told me in no uncertain terms that I was a fossil. These guys told me something that made me rethink the whole concept of unix security: go for the kernel exploit. Every one of them had their own personal, never-announced-to-the-public bug in the linux kernel that they would use to run arbitrary code.


The C language is just so full of pitfalls and traps that it is next to impossible to write secure code in it. You can do it obviously (look at OpenBSD) but it requires so much discipline and arcane knowledge that most programmers simply can't write secure code.

The number of people reporting exploitable bugs in software has dropped in the last 5 years. It's not because the software has gotten better. It's because the kind of people who used to see finding these bugs as a challenge that would earn them respect and admiration have been vilified by the security companies that see finding these bugs as something their employees should be doing (to earn their company respect and admiration). These people didn't just stop looking for these bugs, they just stopped reporting them in official forums. Instead, they sit on irc and tell the "bad guys" all the bugs they find. Of course, there are the kind of people (like me) who just found the sheer number of bugs available to be found as a turn off to the whole endeavour. I mean, how fun is it to search for something you know you're going to find?

So unfortunately, I have no doubt that even your average script kiddie has their own personal kernel exploit that will likely never be fixed. As my signature on Slashdot says:

/Do we smell nothing of the security decomposition? Security is dead. Security remains dead and we have killed it./

Trent


-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
