Securely renting out your CPU with Linux

One might think that hacking kernels for SuSE would be enough to keep a person busy, but Andrea Arcangeli has more energy than that. So, on the side, he is working on a project called cpushare. Essentially, it is a form of Linux-based worldwide grid network which would enable people to sell their idle CPU cycles to others who are in need of serious crunching power. Most systems sit idle most of the time; they might as well be working for a living instead.

Before Linux users will accept outside code on their systems, they will need to be pretty well convinced that said code can be kept under control. Without some pretty fierce security, a grid network could quickly be turned into a serious zombie network, and that would be embarrassing for everybody involved. The long-term plan is to take advantage of "trusted computing" hardware to sandbox the guest code; that hardware will also be able to help prevent the owner of the system from interfering with (or even observing) the buyer's computations and data. For now, however, some other method of ensuring the security of the host systems will have to be devised.

Andrea's answer is the seccomp patch. It is, in fact, an exceedingly simple solution to the problem. With this patch in place, the kernel allows a process to make a one-way transition into a "secure computing" mode. A hook is placed in the system call gate which checks for this mode; when secure computing is turned on, an attempt to execute almost any system call will result in the immediate termination of the process. The only exceptions are read(), write(), exit(), and the two forms of sigreturn(). So the cpushare client would execute outside work by setting up some sockets to communicate with the master system, turning on the secure mode, and executing the client code. If all goes well, that code will be able to do nothing beyond pure CPU use and communicating through the sockets given to it. And exiting, of course.
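The host/guest arrangement described above, as an added example rather than code from the cpushare project or the patch. It assumes the `prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT)` interface of current mainline kernels, which may differ from the interface in the patch as posted; the summing job, the pipe setup and the names `run_guest` and `guest` are hypothetical.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum { GUEST_OK, GUEST_KILLED, NO_SECCOMP, HOST_ERROR };

/* Guest job (constructed): sum 1..n using only read(), write() and exit(). */
static void guest(int in, int out, int misbehave)
{
    uint32_t n = 0, sum = 0;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
        _exit(NO_SECCOMP);           /* not confined yet, so exit_group is fine */
    if (read(in, &n, sizeof n) != sizeof n)
        syscall(SYS_exit, HOST_ERROR);
    for (uint32_t i = 1; i <= n; i++)
        sum += i;
    if (write(out, &sum, sizeof sum) != sizeof sum)
        syscall(SYS_exit, HOST_ERROR);
    if (misbehave)
        syscall(SYS_getpid);         /* not on the allowed list: kernel sends SIGKILL */
    syscall(SYS_exit, GUEST_OK);     /* raw exit(); glibc _exit() uses exit_group */
}

/* Host side: returns one of the codes above; *result receives the answer. */
int run_guest(uint32_t n, int misbehave, uint32_t *result)
{
    int work[2], answer[2], status = 0;
    if (pipe(work) != 0 || pipe(answer) != 0 ||
        write(work[1], &n, sizeof n) != sizeof n)    /* job queued before fork */
        return HOST_ERROR;
    pid_t pid = fork();
    if (pid < 0)
        return HOST_ERROR;
    if (pid == 0) { close(work[1]); close(answer[0]); guest(work[0], answer[1], misbehave); }
    close(work[0]); close(work[1]); close(answer[1]);
    ssize_t got = read(answer[0], result, sizeof *result);
    close(answer[0]);
    if (waitpid(pid, &status, 0) != pid)
        return HOST_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return GUEST_KILLED;         /* the one-way mode did its job */
    if (!WIFEXITED(status) || (WEXITSTATUS(status) == GUEST_OK && got != (ssize_t)sizeof *result))
        return HOST_ERROR;
    return WEXITSTATUS(status);
}
```

`run_guest()` returns `NO_SECCOMP` when the kernel refuses strict mode, for instance inside a container that already runs under a seccomp filter.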

The objection that was raised is that this sort of sandboxing can be done from user space with ptrace(). At least, it can if one little patch is applied to ensure that the sandboxed process cannot continue if, somehow, the monitoring process dies first. Andrea acknowledges that the ptrace() solution is workable, but he still prefers the secure computing mode. The reason is simplicity: the seccomp patch is quite small, and it is relatively easy to verify that it does what is needed. The ptrace() code is rather more complex and harder to verify, even before considering the interactions with the user-space monitor.

The public discussion was inconclusive, so it is hard to predict whether this patch will eventually be accepted or not.


Brief items


The call for papers for Phrack #63 has gone out; no specific deadline is given for submissions. The CFP states that issue #63 will be the final issue of Phrack.


New vulnerabilities

AWStats: remote code execution

Package(s): awstats
CVE #(s): CAN-2005-0116 CAN-2005-0362 CAN-2005-0363
Created: January 25, 2005
Updated: February 15, 2005
Description: When '' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open() function call. A remote attacker could supply AWStats malicious input, potentially allowing the execution of arbitrary code with the rights of the web server.
Debian DSA-682-1 awstats 2005-02-15
Gentoo 200501-36:03 awstats 2005-01-25
Gentoo 200501-36 awstats 2005-01-25


enscript: arbitrary code execution

Package(s): enscript
CVE #(s): CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
Created: January 21, 2005
Updated: May 27, 2006
Description: Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash.
rPath rPSA-2006-0083-1 enscript 2006-05-26
Fedora-Legacy FLSA:152892 enscript 2005-12-17
Red Hat RHSA-2005:040-01 enscript 2005-02-15
Mandrake MDKSA-2005:033 enscript 2005-02-10
Gentoo 200502-03 enscript 2005-02-02
Red Hat RHSA-2005:039-01 enscript 2005-02-01
Fedora FEDORA-2005-096 enscript 2005-01-31
Fedora FEDORA-2005-092 enscript 2005-01-28
Fedora FEDORA-2005-091 enscript 2005-01-28
Fedora FEDORA-2005-016 enscript 2005-01-26
Fedora FEDORA-2005-015 enscript 2005-01-26
Ubuntu USN-68-1 enscript 2005-01-24
Debian DSA-654-1 enscript 2005-01-21


ethereal: multiple vulnerabilities

Package(s): ethereal
CVE #(s): CAN-2005-0006 CAN-2005-0007 CAN-2005-0008 CAN-2005-0009 CAN-2005-0010 CAN-2005-0084
Created: January 21, 2005
Updated: February 15, 2005
Description: Ethereal has released 0.10.9 to fix several vulnerabilities.
Red Hat RHSA-2005:037-01 Ethereal 2005-02-15
Red Hat RHSA-2005:011-01 Ethereal 2005-02-02
Fedora FEDORA-2005-069 ethereal 2005-01-25
Fedora FEDORA-2005-068 ethereal 2005-01-25
Mandrake MDKSA-2005:013 ethereal 2005-01-24
Debian DSA-653-1 ethereal 2005-01-21
Gentoo 200501-27 ethereal 2005-01-20


evolution: arbitrary code execution

Package(s): evolution
CVE #(s): CAN-2005-0102
Created: January 24, 2005
Updated: May 19, 2005
Description: Max Vozeler discovered an integer overflow in camel-lock-helper. A user-supplied length value was not validated, so that a value of -1 caused a buffer allocation of 0 bytes; this buffer was then filled by an arbitrary amount of user-supplied data. A local attacker or a malicious POP3 server could exploit this to execute arbitrary code with root privileges (because camel-lock-helper is installed as setuid root).
Red Hat RHSA-2005:238-01 evolution 2005-05-19
Conectiva CLA-2005:925 evolution 2005-02-16
Debian DSA-673-1 evolution 2005-02-10
Mandrake MDKSA-2005:024 evolution 2005-01-27
Gentoo 200501-35 evolution 2005-01-24
Ubuntu USN-69-1 evolution 2005-01-24


kdebase: screen saver crash

Package(s): kdebase
CVE #(s): CAN-2005-0078
Created: January 26, 2005
Updated: January 26, 2005
Description: From the Debian advisory: "Raphaël Enrici discovered that the KDE screensaver can crash under certain local circumstances. This can be exploited by an attacker with physical access to the workstation to take over the desktop session."
Debian DSA-660-1 kdebase 2005-01-26


Konversation: multiple vulnerabilities

Package(s): konversation
CVE #(s): CAN-2005-0129 CAN-2005-0130 CAN-2005-0131
Created: January 24, 2005
Updated: January 26, 2005
Description: Multiple vulnerabilities have been discovered in all Konversation versions up to and including 0.15.
Gentoo 200501-34 konversation 2005-01-24


libdbi-perl: insecure temporary file

Package(s): libdbi-perl
CVE #(s): CAN-2005-0077
Created: January 25, 2005
Updated: March 2, 2006
Description: Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library.
Fedora-Legacy FLSA:178989 perl-dbi 2006-03-01
Gentoo 200501-38:03 perl 2005-01-26
Red Hat RHSA-2005:072-01 perl-DBI 2005-02-15
Mandrake MDKSA-2005:030 perl-DBI 2005-02-08
Red Hat RHSA-2005:069-01 perl-DBI 2005-02-01
Gentoo 200501-38 perl 2005-01-26
Ubuntu USN-70-1 libdbi-perl 2005-01-25
Debian DSA-658-1 libdbi-perl 2005-01-25



Package(s): libpam-radius-auth
CVE #(s): CAN-2005-0108
Created: January 26, 2005
Updated: January 26, 2005
Description: The PAM RADIUS authentication module suffers from an integer overflow vulnerability.
Debian DSA-659-1 libpam-radius-auth 2005-01-26


mpg123: frame header buffer overflow

Package(s): mpg123
CVE #(s): CAN-2004-0991
Created: January 20, 2005
Updated: January 26, 2005
Description: mpg123 has a vulnerability in which a maliciously created file could cause a buffer overflow in the frame header parsing code, allowing arbitrary code to be executed with the permission of the user.
Mandrake MDKSA-2005:009 mpg123 2005-01-19


php4: multiple vulnerabilities

Package(s): php4
CVE #(s):
Created: February 20, 2005
Updated: February 21, 2005
Description: A vulnerability was reported in PHP in the cURL functions. A script can bypass the 'open_basedir' directory setting. See this SecurityTracker Alert for more information.
Ubuntu USN-66-2 php4 2005-02-17
Ubuntu USN-66-1 php4 2005-01-20


realplayer: integer overflow

Package(s): realplayer
CVE #(s):
Created: January 24, 2005
Updated: January 26, 2005
Description: A flaw in the .rm RealMovie stream handling routines allows a remote attacker to exploit an integer overflow vulnerability using a special .rm file. This might allow a remote attacker to execute code as the user running RealPlayer.
SuSE SUSE-SA:2005:004 realplayer 2005-01-24


sword: missing input sanitizing

Package(s): sword
CVE #(s): CAN-2005-0015
Created: January 20, 2005
Updated: January 26, 2005
Description: The CGI script diatheke from sword does not properly sanitize its input, allowing arbitrary commands to be executed through a specially crafted URL.
Debian DSA-650-1 sword 2005-01-20


vdr: insecure file access

Package(s): vdr
CVE #(s): CAN-2005-0071
Created: January 25, 2005
Updated: January 31, 2005
Description: Javier Fernández-Sanguino Peña from the Debian Security Audit Team has discovered that the vdr daemon which is used for video disk recorders for DVB cards can overwrite arbitrary files.
Gentoo 200501-42 vdr 2005-01-30
Debian DSA-656-1 vdr 2005-01-25


xtrlock: buffer overflow

Package(s): xtrlock
CVE #(s): CAN-2005-0079
Created: January 20, 2005
Updated: January 26, 2005
Description: xtrlock has a buffer overflow that can allow a local attacker to crash the lock program and take over a user's desktop session.
Debian DSA-649-1 xtrlock 2005-01-20


zhcon: privilege escalation

Package(s): zhcon
CVE #(s): CAN-2005-0072
Created: January 24, 2005
Updated: January 26, 2005
Description: Erik Sjolund discovered that zhcon accesses a user-controlled configuration file with elevated privileges which could make it possible to read arbitrary files.
Debian DSA-655-1 zhcon 2005-01-25
Mandrake MDKSA-2005:012 zhcon 2005-01-24


Page editor: Jonathan Corbet

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds