
Security

Brief items

When being explicit is too much hassle

One of the cardinal rules for security-oriented programming is to deny anything that you have not decided, explicitly, to allow. The Linux Security Modules project, which has its code partially merged into the 2.5 development kernel, was designed around this rule: the author of a security module is required to provide an implementation for every one of the (many) hooks provided by LSM. The LSM designers were worried that module authors could miss the addition of new hooks in the future, and thus unwittingly allow actions that their security regime was intended to prevent. By requiring an implementation of every hook, LSM ensured that module authors would always see - and deal with - any changes.

The real result, however, was that real-world security modules were bloated by boilerplate stub implementations of dozens of unused hooks. It also was difficult to make modules portable across multiple kernel versions. Greg Kroah-Hartman finally got tired of all this, and posted a patch which removes the "implement all hooks" requirement. There has not been any real opposition to this change; it will likely go to Linus soon.

Security issues often go this way. The real-world costs of proposed security regimes reach a level where they outweigh the benefits. At that point, the best thing to do can be to back off before people start to develop unofficial ways around overly onerous requirements.

Comments (1 posted)

Quarterly CERT Summary

The latest quarterly CERT Summary is out; this advisory points out what CERT sees as the most significant outstanding security issues. Four of the five listed issues relate to free software: the mod_ssl worm, the sendmail and tcpdump trojans, and the BIND vulnerabilities. Evidently, the current problems with IE and IIS, which expose a large portion of the net, are less significant than trojan horses which persisted for a few days (or hours) and affected very few users.

Full Story (comments: 1)

New vulnerabilities

freeswan: Denial of Service

Package(s): freeswan    CVE #(s):
Created: December 4, 2002    Updated: December 4, 2002
Description: Bindview discovered a problem in several IPSEC implementations that do not properly handle certain very short packets. IPSEC is a set of security extensions to IP which provide authentication and encryption. Debian's FreeS/WAN package contains this vulnerability, which can lead to kernel crashes.
Alerts:
Debian DSA-201-1 freeswan 2002-12-02

Comments (none posted)

IM: creates temporary files insecurely

Package(s): im    CVE #(s): CAN-2002-1395
Created: December 3, 2002    Updated: March 6, 2003
Description: Tatsuya Kinoshita discovered that IM, which contains interface commands and Perl libraries for E-mail and NetNews, creates temporary files insecurely.
  1. The impwagent program creates a temporary directory in an insecure manner in /tmp, using predictable directory names without checking the return code of mkdir, so a local user can seize control of the temporary directory belonging to another user.

  2. The immknmz program creates a temporary file in an insecure manner in /tmp using a predictable filename, so an attacker with local access can easily create and overwrite files as another user.
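As an added illustration (not code from the IM package, the advisory or its authors), the two mistakes listed above and their POSIX fixes in C: the pid-based name with an unchecked mkdir, then the checked and mkdtemp/mkstemp versions plus an ownership test; the `/tmp/impw` and `/tmp/immk` prefixes are constructed for the example and are not IM's actual names.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed pattern (as described for impwagent): a name any local user can
 * predict from the pid, and mkdir's result thrown away.  The caller goes on
 * to use the directory even when mkdir failed because it already existed. */
const char *weak_tmpdir(char *buf, size_t n, pid_t pid)
{
    snprintf(buf, n, "/tmp/impw%ld", (long)pid);   /* constructed prefix */
    mkdir(buf, 0700);                   /* EEXIST silently ignored: the bug */
    return buf;
}

/* Minimal fix for the missing check: report success only if *we* created it. */
int checked_mkdir(const char *path)
{
    return mkdir(path, 0700) == 0 ? 0 : -1;   /* errno (e.g. EEXIST) preserved */
}

/* Better: an unpredictable name chosen by mkdtemp(3), which creates the
 * directory with mode 0700 and never reuses an existing path.  0 or -1. */
int safe_tmpdir(char *buf, size_t n)
{
    if (snprintf(buf, n, "%s", "/tmp/impw.XXXXXX") >= (int)n) return -1;
    return mkdtemp(buf) == NULL ? -1 : 0;
}

/* Same idea for a file (the immknmz case): mkstemp(3) opens with O_CREAT|O_EXCL,
 * so a pre-planted file or symlink makes it fail instead of being followed. */
int safe_tmpfile(char *buf, size_t n)
{
    if (snprintf(buf, n, "%s", "/tmp/immk.XXXXXX") >= (int)n) return -1;
    return mkstemp(buf);                /* open descriptor, or -1 */
}

/* Defensive check before trusting a directory: a real directory (not a
 * symlink), owned by us, and not writable by group or others. */
int dir_is_ours(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == geteuid() && (st.st_mode & 022) == 0;
}
```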
Alerts:
Red Hat RHSA-2003:039-06 im 2003-03-06
Debian DSA-202-2 im 2002-12-06
Debian DSA-202-1 im 2002-12-03

Comments (none posted)

pine: buffer overflow parsing "From:" addresses

Package(s): pine    CVE #(s): CAN-2002-1320
Created: November 27, 2002    Updated: January 3, 2003
Description: A malicious user could send a message with a specially crafted "From:" address and cause a segmentation fault on the client. Pine 4.50 fixes this vulnerability (CAN-2002-1320) and several others. Read the full advisory here.
Alerts:
Red Hat RHSA-2002:270-16 pine 2003-01-02
Conectiva CLA-2002:551 pine 2002-12-04
Mandrake MDKSA-2002:084 pine 2002-12-02
Gentoo 200212-1 pine 2002-12-02
EnGarde ESA-20021127-032 pine 2002-11-27

Comments (none posted)

Resources

Linux Security Week

The December 2 Linux Security Week newsletter from LinuxSecurity.com is available.

Full Story (comments: none)

Events

Annual Computer Security Applications Conference

The Annual Computer Security Applications Conference is happening December 9 to 13 in Las Vegas; click below for more information.

Full Story (comments: none)

Page editor: Jonathan Corbet


Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds