LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Savanna.gnu.org compromised too

Savanna.gnu.org compromised too

Posted Dec 4, 2003 13:44 UTC (Thu) by RobSeace (subscriber, #4435)
In reply to: Savanna.gnu.org compromised too by tymiles
Parent article: Savanna.gnu.org compromised too

Perhaps a little of both? Nothing is ever going to be completely secure,
so all of the people who claimed that Linux (or OpenBSD, or anything else)
is are simply fools... But, I think MOST people were only trying to claim
that Linux was far more secure than Windoze... And, there, I think there
can be no doubt as to the truth of that claim...

But, I personally have always considered that on ANY host running ANY OS,
any unpriviledged local user can gain root, if they really want to, and try
hard enough... I'm not saying local security isn't important, I'm just
saying I always operate under the assumption that if one can run arbitrary
code on the machine, no matter with WHAT priviledges, then they can also
run code as root, if they truly want to... So, that means only allow people
you truly TRUST (including trusting them to keep their home machines secure)
to login to your machine, and then only via secure channels... And, it means
keeping all network services (no matter if they run as root or not) secure...

In my opinion, the REAL problem is NOT a new local root exploit... Big
deal; there are probably several dozen other ways to gain root from a local
user account on most systems... The REAL problem is in anyone untrusted
being able to run arbitrary code (regardless of priviledge level) on a
remote machine... So, instead of focusing all of the effort and attention
on this brk() hole, I'd MUCH rather see it be focused on how the people got
unpriviledged access, in the first place... Apparently, in the Debian case
at least, there was a "sniffed password"... Sniffed where, and how?? From
the user's home system? If so, that user should be beaten, and not let
back in until someone can guarantee the security of their home system from
remote compromises... If sniffed from a compromised server they logged in
to, then it becomes a matter of tracking down how THAT server was
compromised... But, in the end, it'll likely come down to some user whose
home system was setup insecurely, and remotely compromised... And, THAT is
the real, basic problem... A chain is only as strong as its weakest link...
Of course, we should continue to fix local holes like this, but I think
putting as much focus on them as has been done is WAY out of proportion,
and completely missing where the real focus should go: finding the weak
link, and fixing IT... Because, I can assure you, some OTHER local root
compromise will be found someday (if there aren't already several others
already known)... I just think it's inevitable... It's far harder to
protect against a legit local user than it is to protect against an unknown
remote intruder... And, really, if we cut off all possible remote
intrusions (whether they be root compromises or merely unpriviledged ones),
then the local ones become nearly irrelevent... (Except for those few
people who want to run servers that give random untrusted people login
access on their systems, anyway... And, I think those people are just
rather insane, anyway... But, you know, once we've completely nailed down
all remote compromises, THEN we can start focusing on the local ones much
more intently, and help such crazy people... ;-))

(Log in to post comments)

Savanna.gnu.org compromised too

Posted Dec 4, 2003 16:40 UTC (Thu) by ccchips (subscriber, #3222) [Link]

Maybe it's also time for a change of focus, as I've said before.

I keep reading people saying things about locks, defects in locks, lock picks, and beating up people for not locking their doors properly.

Now, correct me if I'm wrong, but if I should (accidentally or on purpose) leave my back door open on my house, does that action tell you that you have the right to go in there and steal my washing machine?

Or, let's say I buy a lock from the Super-Defender Lock Company, and it turns out that somebody knows about a flaw in the metal, and that such a flaw allows them to break the lock, and get into my house. Does that mean people have the right to go on my property, break the lock, and hide in my house until I leave, then steal all my diskes?

We can fortify our computers until Hell freezes over, and as long as the people who break into them contine to be allowed to have no respect for our rights, they will continue to be broken into.

Once, a long time ago, my father left the back door of our house unlocked when we went on vacation. When we returned, we found the door locked on the bottom (one of those automatic locks once you leave,) and a note inside the house from a neighbor, saying that we had left it unlocked and that he'd locked it for us.

Now, I'm not trying to fault anyone for fixing problems in the computer; it seems fairly easy to conclude that a lot of security breaches are possibe because of software flaws. However, I do believe that people need to wake up to the fact that there are fundamental social issues at stake here that technology will never fix.

You've got to know that people are going to try really hard now to compromise Linux installations, especially since Gates and Co. made their big announcement about its insecurity. Don't be surprised if they are disillusioned former GPL supporters or current Microsoft fanatics who also happen to be expert crackers. You've got to have been expecting this, and for a long time. Also, Linux is now being advocated heavily by large, money-making concerns, as a possible desktop alternative. Joe User is not going to know (or care) about security the way some of you do. He may leave his window open, his door unlocked, or he may install a cheap-o-flex alram system.

Does that give anyone the right to violate or hijack his computer system? No.

It's not my fault if I'm the victim of a crime, it's the fault of the criminal. This was true when Microsoft was the butt of jokes about security, and it's still true now that Linux may be.

Savanna.gnu.org compromised too

Posted Dec 4, 2003 16:53 UTC (Thu) by RobSeace (subscriber, #4435) [Link]

Sure, of course the one breaking in is at prime fault... I don't think I
saw anyone arguing otherwise anywhere...

However, that doesn't mean you should say, "Well, since they're at fault, I
don't have to worry about protecting myself, then!"... That's just stupid...
Just because something is illegal, wrong, and/or anything else, does NOT
prevent some people from still doing it... Smart people will realize that
there are people out there that WILL do it, and so they'll take measures
to protect themselves... If they fail to do so, that doesn't mean the
person breaking in is any less criminal or wrong; but, it does mean they
have a lot easier time of it, and are more likely to get away with it...
Ranting and raving about how it's not YOUR fault someone broke in and stole
your stuff, just because you left your front door wide open is just rather
silly... Your stuff is still GONE, isn't it?? The person who stole it is
also long since gone, and will never be caught, will they?? So, why are you
yelling at the wind, and proclaiming your innocence? I don't think the
cops have any intention of throwing you in jail for not locking your door...
However, the only one you're hurting is yourself... So, it would be in your
own best interests to start locking those doors in the future...

Savanna.gnu.org compromised too

Posted Dec 4, 2003 17:10 UTC (Thu) by ccchips (subscriber, #3222) [Link]

Absolutely right. Howefer:

Start with a wide-open door. Then a lock. Then a better lock. Then a dog. Then an alarm system. Then what---a full-time armed guard?

I'm just saying we should never lose sight of the causes for this situation happening in the first place. If those are not addressed, all computer users will be in a vicious cycle forever.

I'm waiting for the day when those codes on the dashboard radios no longer have any effect on thieves. Maybe then someone will ask themselves where this ends.

Savanna.gnu.org compromised too

Posted Dec 4, 2003 19:57 UTC (Thu) by RobSeace (subscriber, #4435) [Link]

And, how exactly do you propose to address these causes?? I personally
don't know of any magic method of transforming everyone on the planet into
an ethical and law-abiding person... I quite suspect that for as long as
the human species exists, there will be some of us who break the law, and/or
do bad things... (And, let's be clear: the law is not always in line with
what's right, either...) I just don't see that it's possible at all to
ever do anything to change that basic fact of our nature... Short of
maybe some intensive genetic-engineering to breed out our bad sides, but
that will lead to a race of soulless zombies, like in every dystopian
sci-fi movie ever made... ;-)

So, I think we're better off addressing an issue which we actually have a
hope of doing something about: protecting ourselves from those people who
would choose to try to do us harm... Sure, it's a never-ending battle, and
there is a constant escalation on both sides... But, really, what else IS
there to do??

Savanna.gnu.org compromised too

Posted Dec 4, 2003 19:31 UTC (Thu) by proski (subscriber, #104) [Link]

Actually, there are several projects that allow limiting permissions of the root account. In particular, direct access to the hardware can be disabled. Also it should be possible to remount most filesystems read-only and disable root permissions for mounting. If you need to perform administrative tasks, you have to reboot the system and do it on local the console.

Or just give a separate virtual machine to every user.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds