[BBLISA] Secure, authenticated file serving to untrusted clients
Dean Anderson
dean at av8.com
Sat Apr 18 15:52:54 EDT 2009
On Fri, 17 Apr 2009, Michael Sprague wrote:
> I could be way off base here, but couldn't you use something like
> grsecurity or selinux to prevent even root from doing anything bad to
> the network attached storage? That's basically what we do where I work
> and we use grsecurity.
You aren't way off base---it took ph.d.'s some time to realize this
during the development of OSF/1's B1 security. OSF/1 was the first
attempt at B1 that used loadable kernel modules. The short answer is
"No, they won't help if root can't be trusted". The reason is that once
you have kernel loader privilege, you can alter the kernel to circumvent
whatever security has been added to it, including altering logs before
they are written to write-once media. I don't recall if they altered the
orange book or if they quit certification for B1. Selinux will help a
lot with root exploits by partitioning root privileges, but once you can
load kernel modules, the security game is over; its just forensics after
that. The linux guys are really good at patching running kernels, too.
--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
More information about the bblisa
mailing list