From: John Richard Moser <nigelenki@comcast.net>
To: Linus Torvalds <torvalds@osdl.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>,
Christoph Hellwig <hch@infradead.org>,
Dave Jones <davej@redhat.com>, Andrew Morton <akpm@osdl.org>,
marcelo.tosatti@cyclades.com, Greg KH <greg@kroah.com>,
chrisw@osdl.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: thoughts on kernel security issues
Date: Thu, 13 Jan 2005 13:59:19 -0500 [thread overview]
Message-ID: <41E6C507.5050302@comcast.net> (raw)
In-Reply-To: <Pine.LNX.4.58.0501130926260.2310@ppc970.osdl.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Linus Torvalds wrote:
>
> On Thu, 13 Jan 2005, Alan Cox wrote:
>
>>On Iau, 2005-01-13 at 16:38, Linus Torvalds wrote:
>>
[...]
> Am I claiming that disallowing self-written ELF binaries gets rid of all
> security holes? Obviously not. I'm claiming that there are things that
> people can do that make it harder, and that _real_ security is not about
> trusting one subsystem, but in making it hard enough in many independent
> ways that it's just too effort-intensive to attack.
>
I think you can make it non-guaranteeable.
> It's the same thing with passwords. Clearly any password protected system
> can be broken into: you just have to guess the password. It then becomes a
> matter of how hard it is to "guess" - at some point you say a password is
> secure not because it is a password, but because it's too _expensive_ to
> guess/break.
>
You can't guarantee you can guess a password. You could for example
write a pam module that mandates a 3 second delay on failed
authentication for a user (it does it for the console currently; use 3
separate consoles and you can do the attack 3 times faster). Now you
have to guess the password with one try every 3 seconds.
aA1# 96 possible values per character, 8 characters. 7.2139x10^15
combinations. It takes 686253404.7 years to go through all those at one
every 3 seconds. You've got a good chance at half that.
This isn't "hard," it's "infeasible." I think the idea is to make it so
an attacker doesn't have to put lavish amounts of work into creating an
exploit that reliably re-exploits a hole over and over again; but to
make it so he can't make an exploit that actually works, unless it works
only by rediculously remote chance.
> So all security issues are about balancing cost vs gain. I'm convinced
> that the gain from openness is higher than the cost. Others will disagree.
>
Yes. Nobody code audits your binaries. You need source code to do
source code auditing. :)
> Linus
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB5sUGhDd4aOud5P8RAtL7AJ45IkplC/ArkSykOPdkwrXknhpgdwCgjLHJ
H8I593lQ0EuESMpriE6UIy0=
=kcas
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2005-01-13 19:03 UTC|newest]
Thread overview: 212+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-12 17:48 thoughts on kernel security issues Chris Wright
2005-01-12 15:06 ` Marcelo Tosatti
2005-01-12 18:49 ` Chris Wright
2005-01-12 18:05 ` Linus Torvalds
2005-01-12 18:44 ` Chris Wright
2005-01-12 18:57 ` Linus Torvalds
2005-01-12 19:21 ` Chris Wright
2005-01-12 20:59 ` Jesper Juhl
2005-01-12 21:27 ` Greg KH
2005-01-12 18:51 ` Greg KH
2005-01-12 19:01 ` Linus Torvalds
2005-01-12 16:12 ` Marcelo Tosatti
2005-01-12 20:00 ` Linus Torvalds
2005-01-12 17:42 ` Marcelo Tosatti
2005-01-13 15:36 ` Alan Cox
2005-01-13 17:22 ` Marcelo Tosatti
2005-01-13 21:20 ` Alan Cox
2005-01-13 17:52 ` Florian Weimer
2005-01-13 19:42 ` Marek Habersack
2005-01-13 19:19 ` Alan Cox
2005-01-13 20:44 ` Marek Habersack
2005-01-14 10:22 ` Wichert Akkerman
2005-01-14 12:10 ` Julian T. J. Midgley
2005-01-14 14:52 ` Florian Weimer
2005-01-14 15:12 ` Julian T. J. Midgley
2005-01-15 0:33 ` Alan Cox
2005-01-14 13:55 ` Marek Habersack
2005-01-13 19:50 ` Chris Wright
2005-01-13 20:29 ` Marek Habersack
2005-01-13 19:41 ` Alan Cox
2005-01-13 20:57 ` Arjan van de Ven
2005-01-13 21:22 ` Linus Torvalds
2005-01-13 21:15 ` Alan Cox
2005-01-13 22:41 ` Linus Torvalds
2005-01-13 21:41 ` Arjan van de Ven
2005-01-13 21:02 ` Marek Habersack
2005-01-13 21:30 ` Dave Jones
2005-01-13 21:48 ` Marek Habersack
2005-01-13 22:06 ` Dave Jones
2005-01-13 22:21 ` Marek Habersack
2005-01-13 23:30 ` Jesper Juhl
2005-01-15 0:34 ` Alan Cox
2005-01-15 2:56 ` Marcin Dalecki
2005-01-13 20:03 ` Dave Jones
2005-01-13 20:10 ` Linus Torvalds
2005-01-13 19:27 ` Alan Cox
2005-01-13 21:03 ` Linus Torvalds
2005-01-13 21:25 ` Alan Cox
2005-01-13 22:47 ` Linus Torvalds
2005-01-13 23:15 ` Chris Wright
2005-01-14 18:34 ` Theodore Ts'o
2005-01-14 19:15 ` Linus Torvalds
2005-01-14 22:13 ` Theodore Ts'o
2005-01-14 22:51 ` Linus Torvalds
2005-01-15 0:34 ` Alan Cox
2005-01-15 4:19 ` Linus Torvalds
2005-01-15 5:36 ` Rik van Riel
2005-01-18 22:27 ` Bill Davidsen
2005-01-19 2:34 ` Alban Browaeys
2005-01-19 19:13 ` Bill Davidsen
2005-01-13 20:32 ` Marek Habersack
2005-01-12 20:27 ` Chris Wright
2005-01-12 20:57 ` Greg KH
2005-01-13 15:36 ` Alan Cox
2005-01-12 21:20 ` Andrea Arcangeli
2005-01-12 20:28 ` Linus Torvalds
2005-01-12 18:03 ` Marcelo Tosatti
2005-01-13 3:18 ` Christian
2005-01-12 20:53 ` Dave Jones
2005-01-12 20:59 ` Greg KH
2005-01-13 2:09 ` Linus Torvalds
2005-01-13 2:28 ` Andrew Morton
2005-01-13 2:51 ` Linus Torvalds
2005-01-13 3:05 ` David Blomberg
2005-01-13 2:56 ` Greg KH
2005-01-13 3:01 ` Chris Wright
2005-01-13 3:35 ` Dave Jones
2005-01-13 3:42 ` Andrew Morton
2005-01-13 3:54 ` Chris Wright
2005-01-13 4:49 ` William Lee Irwin III
2005-01-13 6:54 ` Andrew Morton
2005-01-13 7:19 ` William Lee Irwin III
2005-01-13 7:25 ` Matt Mackall
2005-01-13 4:48 ` Linus Torvalds
2005-01-13 5:51 ` Barry K. Nathan
2005-01-13 7:28 ` Matt Mackall
2005-01-13 7:42 ` Willy Tarreau
2005-01-13 8:02 ` David Lang
2005-01-13 10:05 ` Willy Tarreau
2005-01-13 8:23 ` Christoph Hellwig
2005-01-13 16:38 ` Linus Torvalds
2005-01-13 16:12 ` Alan Cox
2005-01-13 17:33 ` Linus Torvalds
2005-01-13 17:49 ` Chris Wright
2005-01-13 18:53 ` Alan Cox
2005-01-13 18:59 ` John Richard Moser [this message]
2005-01-13 19:22 ` Norbert van Nobelen
2005-01-13 19:35 ` John Richard Moser
2005-01-13 19:46 ` Linus Torvalds
2005-01-13 19:57 ` John Richard Moser
2005-01-14 12:39 ` Horst von Brand
2005-01-14 15:45 ` Linus Torvalds
2005-01-14 15:52 ` Arjan van de Ven
2005-01-14 15:57 ` Stephen Smalley
2005-01-14 16:17 ` Stephen Smalley
2005-01-15 0:33 ` Alan Cox
2005-01-13 17:01 ` Arjan van de Ven
2005-01-13 17:19 ` Linus Torvalds
2005-01-13 17:45 ` Arjan van de Ven
2005-01-13 18:31 ` John Richard Moser
2005-01-19 10:30 ` Ingo Molnar
2005-01-19 17:20 ` John Richard Moser
2005-01-19 17:47 ` Ingo Molnar
2005-01-19 18:35 ` John Richard Moser
2005-01-19 18:55 ` Arjan van de Ven
2005-01-19 19:46 ` John Richard Moser
2005-01-19 19:53 ` Arjan van de Ven
2005-01-20 8:46 ` [Lists-linux-kernel-news] " Ingo Molnar
2005-01-20 8:35 ` Ingo Molnar
2005-01-20 10:44 ` Ingo Molnar
2005-01-20 18:16 ` John Richard Moser
2005-01-20 18:53 ` Valdis.Kletnieks
2005-01-20 18:55 ` Arjan van de Ven
2005-01-20 19:17 ` John Richard Moser
2005-01-20 19:22 ` Christoph Hellwig
2005-01-20 21:24 ` John Richard Moser
2005-01-19 17:52 ` Arjan van de Ven
2005-01-19 18:50 ` John Richard Moser
2005-01-19 19:47 ` Valdis.Kletnieks
2005-01-19 19:53 ` Arjan van de Ven
2005-01-19 20:44 ` Valdis.Kletnieks
2005-01-19 20:12 ` John Richard Moser
2005-01-19 20:42 ` Valdis.Kletnieks
2005-01-19 21:03 ` John Richard Moser
2005-01-19 22:02 ` Splitting up grsecurity and PAX (was " Valdis.Kletnieks
2005-01-19 20:47 ` Diego Calleja
2005-01-25 15:05 ` Bill Davidsen
2005-01-25 15:52 ` Linus Torvalds
2005-01-25 17:27 ` Bill Davidsen
2005-01-25 18:01 ` John Richard Moser
2005-01-25 18:30 ` Linus Torvalds
2005-01-25 18:37 ` John Richard Moser
2005-01-25 18:57 ` Dmitry Torokhov
2005-01-25 19:56 ` John Richard Moser
2005-01-25 20:25 ` J. Bruce Fields
2005-01-25 20:29 ` John Richard Moser
2005-01-25 20:46 ` J. Bruce Fields
2005-01-25 20:53 ` Valdis.Kletnieks
2005-01-25 20:59 ` John Richard Moser
2005-01-25 21:05 ` linux-os
2005-01-25 21:20 ` John Richard Moser
2005-01-26 15:15 ` Jesse Pollard
2005-01-26 16:09 ` Linus Torvalds
2005-01-26 19:15 ` Olaf Hering
2005-01-26 19:28 ` Linus Torvalds
2005-01-26 19:38 ` Olaf Hering
2005-01-26 19:53 ` Linus Torvalds
2005-01-30 15:39 ` Alan Cox
2005-01-26 19:24 ` John Richard Moser
2005-01-26 19:56 ` Bill Davidsen
2005-01-27 16:37 ` Jesse Pollard
2005-01-27 17:18 ` Zan Lynx
2005-01-27 22:18 ` Jesse Pollard
2005-01-27 23:20 ` Bill Davidsen
2005-01-27 23:36 ` John Richard Moser
2005-01-28 0:23 ` linux-os
2005-01-28 0:15 ` Krzysztof Halasa
2005-01-26 0:01 ` Bill Davidsen
2005-01-26 0:40 ` John Richard Moser
2005-01-25 19:05 ` Linus Torvalds
2005-01-25 20:03 ` John Richard Moser
2005-01-25 21:17 ` Al Viro
2005-01-26 16:06 ` Sytse Wielinga
2005-01-26 19:31 ` John Richard Moser
2005-01-26 19:50 ` Valdis.Kletnieks
2005-01-26 20:02 ` John Richard Moser
2005-01-26 20:26 ` Sytse Wielinga
2005-01-26 20:39 ` John Richard Moser
2005-01-26 20:49 ` Sytse Wielinga
2005-01-25 18:08 ` Linus Torvalds
2005-01-14 21:57 ` Russell King
2005-01-19 12:56 ` Pavel Machek
2005-01-19 20:02 ` Bill Davidsen
2005-01-13 4:49 ` William Lee Irwin III
2005-01-13 5:19 ` Dave Jones
2005-01-13 15:36 ` Alan Cox
2005-01-13 3:25 ` Dave Jones
2005-01-13 3:53 ` Marek Habersack
2005-01-13 5:38 ` Barry K. Nathan
2005-01-13 8:59 ` Florian Weimer
2005-01-13 15:31 ` Barry K. Nathan
2005-01-13 15:36 ` Alan Cox
2005-01-13 19:25 ` thoughts on kernel security issuesiig Marek Habersack
2005-01-13 15:36 ` thoughts on kernel security issues Alan Cox
2005-01-13 19:25 ` Christoph Hellwig
2005-01-13 19:33 ` Dave Jones
2005-01-13 19:35 ` Christoph Hellwig
2005-01-13 18:55 ` Alan Cox
2005-01-13 19:59 ` Dave Jones
2005-01-13 19:36 ` Marek Habersack
2005-01-13 8:23 ` Florian Weimer
2005-01-13 16:00 ` Kristofer T. Karas
2005-01-13 3:37 ` Rik van Riel
2005-01-12 19:18 ` Greg KH
2005-01-12 19:38 ` Chris Wright
2005-01-12 19:41 ` Florian Weimer
2005-01-12 23:10 ` Chris Wright
2005-01-12 19:43 ` Florian Weimer
2005-01-12 22:46 ` Chris Wright
2005-01-12 20:49 Hubert Tonneau
2005-01-13 17:29 ` Chris Wright
2005-02-27 12:38 linux
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41E6C507.5050302@comcast.net \
--to=nigelenki@comcast.net \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=chrisw@osdl.org \
--cc=davej@redhat.com \
--cc=greg@kroah.com \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcelo.tosatti@cyclades.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).