linux-kernel.vger.kernel.org archive mirror
From: Kent Borg <kentborg@borg.org>
To: "Richard B. Johnson" <root@chaos.analogic.com>
Cc: Helge Hafting <helgehaf@idb.hist.no>, linux-kernel@vger.kernel.org
Subject: Re: Mounting a in-ROM filesystem efficiently
Date: Tue, 18 Dec 2001 11:27:59 -0500
Message-ID: <20011218112759.C4923@borg.org>
In-Reply-To: <3C1F323F.ED6AE4F4@idb.hist.no> <Pine.LNX.3.95.1011218085823.10303A-100000@chaos.analogic.com>
In-Reply-To: <Pine.LNX.3.95.1011218085823.10303A-100000@chaos.analogic.com>; from root@chaos.analogic.com on Tue, Dec 18, 2001 at 09:00:58AM -0500

On Tue, Dec 18, 2001 at 09:00:58AM -0500, Richard B. Johnson wrote:
> On Tue, 18 Dec 2001, Helge Hafting wrote:
> > A hacker doesn't need a /bin/sh or any other onboard software
> > to exploit some security flaw.
[...]
>    You apparently don't know what an embedded system does.
>    It is a device that uses a processor to perform some
>    designed functions. It cannot do something that it
>    was not designed to do although it can certainly fail
>    to do what it was designed to do.

If it contains a CPU (that is designed to run code) and RAM (that is
designed to store code) and you can trick the CPU into running code you
tricked it into putting in the RAM, then it can do anything it wants
with the other hardware available, anything it is designed to do.

>    If you want to break it, it's easier to hit it with a
>    hammer or an axe. There is not any capability to "break in".
>    Even if there was, what could you do? Shut off a motor?
>    Screw up the ignition timing? Put porn pictures into
>    medical images?

Or, be a proxy on the inside of J. Random Paranoid Corporate Network
that can relay stuff, snoop, sniff interesting stuff that is being
printed, etc.  I mean, how about establishing an http connection out
to a computer controlled by the Bad Guy, and over that he tunnels
whatever he wants?  And maybe it gets set up by putting some rogue
Postscript in a file he somehow conspires to be printed.

>    Most embedded systems don't have network capabilities.

Certainly if the embedded system has extremely limited IO (Coke
vending machine?) there are limited opportunities for exploiting
things like buffer overflows.

But even Coke machines are starting to get IO: to report inventory and
apparent function to the vending company, some to even allow payment
via a cellphone.  Don't think that embedded == isolated, for it is
becoming less and less true.

My cellphone has embedded software in it, it can receive e-mail.
(There was a recent story of a malformed e-mail message that would
hard-crash some Nokia phones such that even a power cycle wouldn't fix it!)

>    There is no way that you can teach your Hewlett-Packard
>    printer to become a network rogue and break into the
>    Pentagon --regardless of what you send it.

Boy, are you ever complacent.  Just because HP manages to largely
obscure the details of its internal CPU and RAM doesn't mean it ain't
there and potentially exploitable.

I have a friend who used to be really into desktop publishing,
Illustrator, his font collection, etc.  He frequently made the
distinction between a "hardware RIP" and a "software RIP".  His point
was actually that the embedded systems were better productized, but I
still corrected him and said they were both software, one was simply
embedded.  He never seemed to get the point, and you don't either.


-kb
