
Raw sockets (Re: Security Concern)



On Thu, Jul 05, 2001 at 03:49:05PM +1000, Nick Menchise wrote:

> You may know about Gibson Research Corporation and its recent efforts to
> improve Internet security. Over the past week, Gibson has been writing
> articles about a feature that's being implemented in the upcoming release of
> Windows XP known as Full Raw Socket support. This feature has existed in
> Unix-based systems since 1981, and has become an exploitable architecture for
> malicious hackers sending SYN floods to web servers.  While Unix-based
> systems include security measures that unsuccessfully attempt to prevent
> this, Windows XP includes no security measures at all. Since I have no
> intention of purchasing Windows XP (for more reasons than one), I am curious
> about Debian.
> 
> Does the Linux kernel also provide Full Raw Socket support? If it does, what
> security measures are being provided by the Linux kernel and Debian to reduce
> the ability of malicious hackers to exploit the architecture (apart from the
> "root" privileges measure used by Unix)?

For those of you playing along at home, I believe the article in question is at
<http://grc.com/dos/winxp.htm>.

Yes, the Linux kernel supports raw sockets (which Mr. Gibson calls "Full Raw
Sockets" in a Windows context).  However, it is misleading (to say the least)
to say that this feature has caused any operating system to "become an
exploitable architecture".  If the attacker has full administrative access to
the system ("root"), she can execute any code that she likes, regardless of
whether it was already built in to the operating system or not.  If the Linux
kernel did not provide raw sockets, an attacker could modify the kernel to add
this functionality, without even rebooting the system.  This is easier than
most people think, and requires very little expertise on the part of the
attacker.  So-called "script kiddies" compile and install dynamically loadable
kernel modules every day.  Allowing unprivileged users to use raw sockets, of
course, is a terrible idea.  Shipping an operating system that doesn't restrict
superuser access is an even worse idea.

On his web page, Mr. Gibson acknowledges the possibility of loading device
drivers to access raw sockets, but denies that this is a problem in practice,
and insists that a system shipped without raw socket support is more secure.
This simply isn't true, at least for UNIX-like systems.  I don't have any
first-hand experience with Windows in this area, but Mr. Gibson seems to imply
in his article that the only reason that this argument doesn't apply to Windows
systems is because Windows device drivers are "operating system version
dependent and difficult to reliably install".  So Microsoft, apparently, is
twice saved: first by having a broken BSD sockets implementation, and then by
having a broken device driver architecture.

Restriction of raw sockets to processes with root privileges is the only
meaningful security measure that can be applied, short of running the OS out of
ROM.

-- 
 - mdz


