Rawhide kernel image no longer readable
jonathan at jonmasters.org
Tue Nov 23 15:34:45 UTC 2010
On Sat, 2010-11-20 at 22:45 -0500, Kyle McMartin wrote:
> On Sun, Nov 21, 2010 at 04:41:47AM +0100, Kevin Kofler wrote:
> > Richard W.M. Jones wrote:
> > > The thing is, we really need to be able to boot a kernel in qemu as
> > > non-root, and carrying around a separately compiled or packaged kernel
> > > is in nobody's interest.
> > >
> > > I'm fairly sure this won't be the only application to break. We found
> > > it first because we are compiling and booting Rawhide in qemu
> > > virtually daily (so we tend to find any kernel or qemu problems very
> > > quickly -- it's the bane of my life). But I bet others will be
> > > needing to read those files.
> > >
> > > Also, I do think this smacks a bit of security through obscurity ..
> > > after all, the files that are being 'protected' here are being carried
> > > on a hundred or more mirror sites. It's the worst-kept secret :-)
> > Uhm, indeed, making publicly available files non-readable is really useless.
> If it stops even one automated attack, then it's worthwhile.
Is it going to stop an automated attack? If it's automated, it'll just
get the uts name, then pull the files from some website, or probably
come packed with the known addresses for various kernels (which of the
ones I've seen in the wild for former exploits seems to be what is done
- they don't read these files from the local filesystem). Not sure it's
worth getting all TSA-y on this :)