Security
Securely renting out your CPU with Linux
One might think that hacking kernels for SuSE would be enough to keep a person busy, but Andrea Arcangeli has more energy than that. So, on the side, he is working on a project called cpushare. Essentially, it is a form of Linux-based worldwide grid network which would enable people to sell their idle CPU cycles to others who are in need of serious crunching power. Most systems sit idle most of the time; they might as well be working for a living instead.

Before Linux users will accept outside code on their systems, they will need to be pretty well convinced that said code can be kept under control. Without some pretty fierce security, a grid network could quickly be turned into a serious zombie network, and that would be embarrassing for everybody involved. The long-term plan is to take advantage of "trusted computing" hardware to sandbox the guest code; that hardware will also be able to help prevent the owner of the system from interfering with (or even observing) the buyer's computations and data. For now, however, some other method of ensuring the security of the host systems will have to be devised.
Andrea's answer is the seccomp patch. It is, in fact, an exceedingly simple solution to the problem. With this patch in place, the kernel allows a process to make a one-way transition into a "secure computing" mode. A hook is placed in the system call gate which checks for this mode; when secure computing is turned on, an attempt to execute almost any system call will result in the immediate termination of the process. The only exceptions are read(), write(), exit(), and the two forms of sigreturn(). So the cpushare client would execute outside work by setting up some sockets to communicate with the master system, turning on the secure mode, and executing the client code. If all goes well, that code will be able to do nothing beyond pure CPU use and communicating through the sockets given to it. And exiting, of course.
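The transition just described, as an added example that is not from the article, the seccomp patch or the cpushare client. It assumes a Linux kernel with seccomp built in and enters the mode through prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT), the entry point of the seccomp that later shipped in mainline with the same read/write/exit/sigreturn rule; whether the patch under discussion used that interface is not stated on this page. A child is handed the write end of a pipe, makes the one-way transition, does a constructed piece of pure CPU work, reports over the pipe and leaves through the exit system call; a second child shows that any other system call ends the process. Note that glibc's _exit() tries exit_group() first, which is not on the list, so the example calls exit directly.

```c
/* Added example (not from the article or cpushare): enter strict seccomp
 * mode via prctl() and observe the read/write/exit/sigreturn-only rule.
 * Assumes Linux with CONFIG_SECCOMP; the prctl entry point is the one
 * the later mainline seccomp used. */
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed "outside work": trial-division prime counting, which makes
 * no system calls at all. Returns the number of primes below n. */
static long count_primes(long n)
{
    long count = 0;
    for (long c = 2; c < n; c++) {
        int prime = 1;
        for (long d = 2; d * d <= c; d++) {
            if (c % d == 0) { prime = 0; break; }
        }
        count += prime;
    }
    return count;
}

/* Leave through the plain exit system call. glibc's _exit() tries
 * exit_group() first, which is not on the strict-mode list, so the
 * process would be killed instead of exiting with a status. */
static _Noreturn void sandbox_exit(int status)
{
    syscall(SYS_exit, status);
    for (;;)
        ;
}

/* Run count_primes(n) in a child that has made the one-way transition.
 * The write end of a pipe, set up before the transition, is its only
 * channel out. Returns the child's result, or -1 on any failure
 * (including a kernel without seccomp, where prctl() fails). */
long run_sandboxed(long n)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(fds[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            sandbox_exit(2);
        /* From here on only read, write, exit and sigreturn are allowed. */
        long r = count_primes(n);
        if (write(fds[1], &r, sizeof r) != (ssize_t)sizeof r)
            sandbox_exit(1);
        sandbox_exit(0);
    }
    close(fds[1]);
    long result = -1;
    ssize_t got = read(fds[0], &result, sizeof result);
    close(fds[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    if (got != (ssize_t)sizeof result || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0)
        return -1;
    return result;
}

/* The other half of the rule: a child that enters the mode and then makes
 * any other system call (getpid here) is terminated by the kernel.
 * Returns 1 if the child died by SIGKILL, 0 otherwise. */
int forbidden_call_is_fatal(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return 0;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            sandbox_exit(2);
        syscall(SYS_getpid);   /* not permitted: the process ends here */
        sandbox_exit(0);       /* never reached under seccomp */
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL;
}

int main(void)
{
    printf("primes below 10000, computed in secure mode: %ld\n",
           run_sandboxed(10000));
    printf("forbidden system call killed the child: %s\n",
           forbidden_call_is_fatal() ? "yes" : "no");
    return 0;
}
```

The pipe stands in for the sockets the cpushare client would hand to the guest code: anything the guest is to talk to must be opened before the transition, because open(), socket() and connect() are all on the fatal side of the line afterwards.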
The objection that was raised is that this sort of sandboxing can be done from user space with ptrace(). At least, it can if one little patch is applied to ensure that the sandboxed process cannot continue if, somehow, the monitoring process dies first. Andrea acknowledges that the ptrace() solution is workable, but he still prefers the secure computing mode. The reason is simplicity: the seccomp patch is quite small, and it is relatively easy to verify that it does what is needed. The ptrace() code is rather more complex and harder to verify, even before considering the interactions with the user-space monitor.
The public discussion was inconclusive, so it is hard to predict whether this patch will eventually be accepted or not.
Brief items
PHRACK #63 CALL FOR PAPERS
The call for papers for Phrack #63 has gone out; no specific deadline is given for submissions. The CFP states that issue #63 will be the final issue of Phrack.
New vulnerabilities
AWStats: remote code execution
Package(s): awstats
CVE #(s): CAN-2005-0116, CAN-2005-0362, CAN-2005-0363
Created: January 25, 2005
Updated: February 15, 2005
Description: When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open() function call. A remote attacker could supply AWStats malicious input, potentially allowing the execution of arbitrary code with the rights of the web server.
enscript: arbitrary code execution
Package(s): enscript
CVE #(s): CAN-2004-1184, CAN-2004-1185, CAN-2004-1186
Created: January 21, 2005
Updated: May 27, 2006
Description: Erik Sjölund has discovered several security-relevant problems in enscript, a program to convert ASCII text into PostScript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames, a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash.
ethereal: multiple vulnerabilities
Package(s): ethereal
CVE #(s): CAN-2005-0006, CAN-2005-0007, CAN-2005-0008, CAN-2005-0009, CAN-2005-0010, CAN-2005-0084
Created: January 21, 2005
Updated: February 15, 2005
Description: Ethereal has released 0.10.9 to fix several vulnerabilities.
evolution: arbitrary code execution
Package(s): evolution
CVE #(s): CAN-2005-0102
Created: January 24, 2005
Updated: May 19, 2005
Description: Max Vozeler discovered an integer overflow in camel-lock-helper. A user-supplied length value was not validated, so that a value of -1 caused a buffer allocation of 0 bytes; this buffer was then filled by an arbitrary amount of user-supplied data. A local attacker or a malicious POP3 server could exploit this to execute arbitrary code with root privileges (because camel-lock-helper is installed as setuid root).
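The length-handling pattern behind the evolution entry above, as an added example that is not code from Evolution or camel-lock-helper. The wire format (a 4-byte signed length followed by the payload) and the MAX_PAYLOAD limit are constructed for the illustration. unchecked_alloc_size() shows only the arithmetic of the flawed version: a signed length of -1 converted to size_t and incremented for a terminator wraps to an allocation of 0 bytes. read_record_checked() is the corrected reader, which rejects the record before anything is allocated or copied.

```c
/* Added example, not from Evolution or camel-lock-helper: a constructed
 * length-prefixed record format showing the unvalidated-length flaw the
 * advisory describes, beside a reader that validates the header first. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAYLOAD 4096   /* assumed application limit on one record */

/* Constructed wire format: 4-byte little-endian signed length, then payload. */
static int32_t decode_len(const unsigned char *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)v;
}

/* The flawed arithmetic: size the buffer as len + 1 (room for a terminator)
 * straight from the signed header. (size_t)-1 is SIZE_MAX, and adding 1
 * wraps to 0, so any payload copied in afterwards lands outside the
 * allocation. Only the size calculation is shown; nothing is allocated. */
size_t unchecked_alloc_size(int32_t len)
{
    return (size_t)len + 1;
}

/* Hardened reader: validates the header before any allocation or copy.
 * Returns the payload length copied into out (NUL-terminated), or -1 when
 * the record is rejected: negative length, over the limit, no room in
 * out, or fewer payload bytes present than the header claims. */
long read_record_checked(const unsigned char *msg, size_t msg_len,
                         unsigned char *out, size_t out_cap)
{
    if (msg_len < 4)
        return -1;
    int32_t len = decode_len(msg);
    if (len < 0 || len > MAX_PAYLOAD)      /* sign and cap checks */
        return -1;
    size_t n = (size_t)len;
    if (n > msg_len - 4 || n >= out_cap)   /* data present, room for NUL */
        return -1;
    memcpy(out, msg + 4, n);
    out[n] = '\0';
    return (long)n;
}

/* Constructed records: a well-formed one and one whose length is -1. */
static const unsigned char GOOD_MSG[] = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
static const unsigned char BAD_MSG[]  = {0xff, 0xff, 0xff, 0xff, 'A', 'A', 'A'};
static unsigned char scratch[64];

int main(void)
{
    printf("unchecked size for len -1: %zu bytes\n", unchecked_alloc_size(-1));
    printf("good record -> %ld bytes (%s)\n",
           read_record_checked(GOOD_MSG, sizeof GOOD_MSG, scratch, sizeof scratch),
           scratch);
    printf("bad record  -> %ld\n",
           read_record_checked(BAD_MSG, sizeof BAD_MSG, scratch, sizeof scratch));
    return 0;
}
```

The order of the checks matters: the sign test must come before the length is converted to size_t, because once it is unsigned a -1 looks like the largest possible value and a cap comparison alone would still reject it, but a comparison written after the wrapped "+ 1" would not.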
kdebase: screen saver crash
Package(s): kdebase
CVE #(s): CAN-2005-0078
Created: January 26, 2005
Updated: January 26, 2005
Description: From the Debian advisory: "Raphaël Enrici discovered that the KDE screensaver can crash under certain local circumstances. This can be exploited by an attacker with physical access to the workstation to take over the desktop session."
Konversation: multiple vulnerabilities
Package(s): konversation
CVE #(s): CAN-2005-0129, CAN-2005-0130, CAN-2005-0131
Created: January 24, 2005
Updated: January 26, 2005
Description: Multiple vulnerabilities have been discovered in all Konversation versions up to and including 0.15.
libdbi-perl: insecure temporary file
Package(s): libdbi-perl
CVE #(s): CAN-2005-0077
Created: January 25, 2005
Updated: March 2, 2006
Description: Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the affected parts of the library.
libpam-radius-auth
Package(s): libpam-radius-auth
CVE #(s): CAN-2005-0108
Created: January 26, 2005
Updated: January 26, 2005
Description: The PAM RADIUS authentication module suffers from an integer overflow vulnerability.
mpg123: frame header buffer overflow
Package(s): mpg123
CVE #(s): CAN-2004-0991
Created: January 20, 2005
Updated: January 26, 2005
Description: mpg123 has a vulnerability in which a maliciously created file could cause a buffer overflow in the frame header parsing code, allowing arbitrary code to be executed with the permission of the user.
php4: multiple vulnerabilities
Package(s): php4
CVE #(s): (none listed)
Created: February 20, 2005
Updated: February 21, 2005
Description: A vulnerability was reported in PHP in the cURL functions. A script can bypass the 'open_basedir' directory setting. See this SecurityTracker Alert for more information.
realplayer: integer overflow
Package(s): realplayer
CVE #(s): (none listed)
Created: January 24, 2005
Updated: January 26, 2005
Description: A flaw in the .rm RealMovie stream handling routines allows a remote attacker to exploit an integer overflow vulnerability using a special .rm file. This might allow a remote attacker to execute code as the user running RealPlayer.
sword: missing input sanitizing
Package(s): sword
CVE #(s): CAN-2005-0015
Created: January 20, 2005
Updated: January 26, 2005
Description: The CGI script diatheke from sword does not properly sanitize its input, allowing arbitrary commands to be executed through a specially crafted URL.
vdr: insecure file access
Package(s): vdr
CVE #(s): CAN-2005-0071
Created: January 25, 2005
Updated: January 31, 2005
Description: Javier Fernández-Sanguino Peña from the Debian Security Audit Team has discovered that the vdr daemon, which is used for video disk recorders for DVB cards, can overwrite arbitrary files.
xtrlock: buffer overflow
Package(s): xtrlock
CVE #(s): CAN-2005-0079
Created: January 20, 2005
Updated: January 26, 2005
Description: xtrlock has a buffer overflow that can allow a local attacker to crash the lock program and take over a user's desktop session.
zhcon: privilege escalation
Package(s): zhcon
CVE #(s): CAN-2005-0072
Created: January 24, 2005
Updated: January 26, 2005
Description: Erik Sjölund discovered that zhcon accesses a user-controlled configuration file with elevated privileges, which could make it possible to read arbitrary files.
Page editor: Jonathan Corbet