Re: A question about Knark and modules
On Tue, Jun 19, 2001 at 12:28:46AM -0800, Ethan Benson wrote:
> On Tue, Jun 19, 2001 at 12:17:07PM +0800, Ben Harvey wrote:
>
> > cracker==root sysadmin==root+LIDS_password
> > if someone can sniff me typing in my lids password (encrypted in the kernel)
> > then I am stuffed.
>
> they can always read the password hash out of the kernel and run a
> brute force attack on it too.
More likely is that they might read the plain text password from a
buffer somewhere, or capture it while you type it. If they can make
arbitrary changes to the running kernel code, you lose. (That's
another reason why the module signing + user-space memory access stuff
would be good.)
Of course, unless the password is very long and strong, the brute for
attack will be much cheaper than breaking MD5 usually is.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Reply to: