Bug#524373: linux-2.6: /dev/mem rootkit vulnerability

To: dann frazier <dannf@debian.org>
Cc: 524373@bugs.debian.org
Subject: Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Date: Sun, 19 Apr 2009 22:31:18 -0400
Message-id: <[🔎] 20090419223118.516059e3.michael.s.gilbert@gmail.com>
Reply-to: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>, 524373@bugs.debian.org
In-reply-to: <20090417055054.GE17944@lackof.org>
References: <[🔎] 20090416115505.448e97bb.michael.s.gilbert@gmail.com> <[🔎] 20090416164307.GC8791@morgul.net> <[🔎] 20090416162110.caa5450a.michael.s.gilbert@gmail.com> <[🔎] 20090416205338.GD8791@morgul.net> <[🔎] 20090416233506.613e7ec1.michael.s.gilbert@gmail.com> <20090417055054.GE17944@lackof.org>

On Thu, 16 Apr 2009 23:50:54 -0600 dann frazier wrote:
> > > The support for dynamically loadable kernel modules in Linux can be
> > > abuses similarly.  Does that make it a "grave security issue"?
> > 
> > probably...at least until someone comes up with a secure way to do it.
> 
> Oh, come on.
> 
> grave
>     makes the package in question unusable or mostly so, or causes
>     data loss, or introduces a security hole allowing access to the
>     accounts of users who use the package.
> 
> Is the kernel really unusable/insecure because a root user can do
> something bad? Wouldn't that give every package a grave bug by
> definition?

maybe the definition needs to be rethought in the context of rootkits.
i think the kernel has to be considered more insecure under the
influence of a rootkit (since rootkits make it much harder to detect
that your system has be compromized).

> I certainly don't consider this issue invalid - and in fact, we have
> taken action to resolve it for the next release - but please don't
> blow it out of proportion.

i'm not trying to blow it out of proportion; just trying to make sure
that the issue gets the consideration that it deserves.

Reply to:

References:
- Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
  - From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
- Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
  - From: Noah Meyerhans <noahm@debian.org>
- Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
  - From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
- Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
  - From: Noah Meyerhans <noahm@debian.org>
- Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
  - From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>

Prev by Date: Bug#524740: closed by Ben Hutchings <ben@decadent.org.uk> (Re: Bug#524740: firmware-nonfree: debian/copyright file seems to be outdated)
Next by Date: Bug#513604: marked as done (linux-libc-dev: drm headers conflict with libdrm-dev)
Previous by thread: Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
Next by thread: Bug#524373: linux-2.6: /dev/mem rootkit vulnerability
Index(es):
- Date
- Thread