
Re: Debian Server Compromise -- A Fire Drill ??



>>>>> "Dave" == Dave  <dmq@gci-net.com> writes:

    Dave> Seems like the critical link to be fixed is the vulnerability of
    Dave> daemons that run with root privilege and receive input from users.

No.  The kernel itself has a bug.  The "user" (attacker) is running *perfectly
legitimate* system calls (brk(), the call that will be made when you
malloc()) from a rather strange but allowed executable file (that has the
code segment moved to the end of address space).  And then, due to the
kernel bug, the user can write into an arbitrary location in the kernel and
do whatever he wants.  So here the problem is the kernel---the ultimate source
of permission that you have on the computer.  If the kernel is buggy, there
is really little that you can do to be protected from being harmed---except
of course to have a network of mutually distrusting servers with completely
different passwords, keys, etc.

Regards,
Isaac.
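
An added example, not part of the original message: a defender-side check that parses ELF32 program headers and flags loadable segments placed at the top of the user address space, the unusual executable layout the reply describes. The 0xC0000000 limit (i386 3G/1G split), the 16 MiB margin and the function names are assumptions; both sample images are constructed.

```python
import struct

TASK_SIZE = 0xC0000000   # assumption: i386 default 3G/1G user/kernel split
MARGIN = 0x01000000      # assumption: flag segments ending within 16 MiB of it
PT_LOAD = 1
EHDR = struct.Struct("<16sHHIIIIIHHHHHH")   # ELF32 file header, 52 bytes
PHDR = struct.Struct("<8I")                 # ELF32 program header, 32 bytes

def suspicious_segments(data):
    """Return [(vaddr, end)] for PT_LOAD segments ending near or past TASK_SIZE."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1 or data[5] != 1:
        raise ValueError("only 32-bit little-endian ELF handled here")
    f = EHDR.unpack_from(data)
    phoff, phentsize, phnum = f[5], f[9], f[10]
    hits = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + PHDR.size > len(data):
            raise ValueError("truncated program header table")
        p_type, _, vaddr, _, _, memsz, _, _ = PHDR.unpack_from(data, off)
        end = vaddr + memsz   # Python ints do not wrap, so end may exceed 2**32
        if p_type == PT_LOAD and end > TASK_SIZE - MARGIN:
            hits.append((vaddr, end))
    return hits

def build_elf32(segments):
    """Constructed sample: minimal ELF32 image, one PT_LOAD per (vaddr, memsz)."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, 2, 3, 1, segments[0][0], EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    phdrs = b"".join(PHDR.pack(PT_LOAD, 0, v, v, 0, m, 5, 0x1000)
                     for v, m in segments)
    return ehdr + phdrs

# Constructed inputs: a conventional i386 layout and one with a top-of-space segment.
NORMAL = build_elf32([(0x08048000, 0x2000), (0x0804A000, 0x1000)])
ODD = build_elf32([(0x08048000, 0x1000), (0xBFFFF000, 0x1000)])

if __name__ == "__main__":
    for name, img in (("normal", NORMAL), ("odd", ODD)):
        print(name, [(hex(a), hex(b)) for a, b in suspicious_segments(img)])
```

A hit is only a reason to look closer at the binary; it does nothing about the kernel bug itself, which needs a fixed kernel.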


