linux-security-module November 2007 archive
Main Archive Page > Month Archives  > linux-security-module archives
linux-security-module: Re: Possible missing security checks in

Re: Possible missing security checks in usbfs?

From: Crispin Cowan <crispin_at_nospam>
Date: Thu Nov 08 2007 - 04:05:14 GMT
To: Greg KH <greg@kroah.com>


Greg KH wrote:
> On Thu, Nov 01, 2007 at 10:42:02AM -0500, Tan, Lin wrote:
>
>> Thank you so much for the response. :)
>>
>> I think a malicious driver (in kernel space) can still call these
>> functions to create a device node, which is dangerous. If this is not
>> possible, then there is no security hole.
>>
> I don't see how this is possible, do you?
>
> Remember, if you have a malicious driver in kernel space, you can do
> whatever you want to do, no need to try to plod through the symbol table
> to lookup a static symbol in a kernel module and call that, just create
> the device node yourself with your own code :)
>

For this reason, the LSM design explicitly disclaims any attempt to defend against malicious in-kernel threats. If you can run arbitrary code inside the Linux kernel, the game is over, period. To do better requires a microkernel design, and Linux will not go there.

Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin CEO, Mercenary Linux http://mercenarylinux.com/ Itanium. Vista. GPLv3. Complexity at work - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html