linux-kernel.vger.kernel.org archive mirror
From: Helge Hafting <helgehaf@idb.hist.no>
To: root@chaos.analogic.com, linux-kernel@vger.kernel.org
Subject: Re: Mounting a in-ROM filesystem efficiently
Date: Tue, 18 Dec 2001 13:10:39 +0100
Message-ID: <3C1F323F.ED6AE4F4@idb.hist.no>
In-Reply-To: <Pine.LNX.3.95.1011217081551.19476A-100000@chaos.analogic.com>

"Richard B. Johnson" wrote:

> 
> Security isn't a problem with embedded systems because everything
> that could possibly be done is handled with a "monitor". There is
> no shell. If there is no way to execute some foreign executable,
> you don't have a security issue unless some dumb alleged software
> engineer added some back-doors to the monitor.

A hacker doesn't need a /bin/sh or any other onboard software
to exploit some security flaw.  Assume someone discovers that
your embedded box is vulnerable to a buffer overflow attack
of the type usually used to get a root shell.  Then they
discover that running /bin/sh doesn't work.  What to do?  They
simply put a simple little shell _in_ the buffer overflow
code itself.  A hacker doesn't need to call anything, all he needs
can be downloaded as part of the exploit code.

If the room for exploit code is tight - use a two-stage approach.
The exploit then consists of code that downloads the rest of the
code into some other RAM outside the tiny buffer.

No "dangerous" utilities on board doesn't mean the box is safe at
all.  The buffer overflow code could contain code for 
continuing the attack on other boxes, or anything else.

Helge Hafting
