asimon (l33t)
Joined: 27 Jun 2002, Posts: 979, Location: Germany, Old Europe
Posted: Sat Oct 18, 2003 10:28 am
avenj wrote:
    Indeed, though that holds true for any monolithic system. That's one of the things I, personally, like about microkernels: Part of the kernel exploitable? Upgrade and replace it without a reboot. Filesystem drivers and network drivers are still a problem (and the underlying microkernel beneath the servers/translators), but it's a step forward.

From a security point of view it's also a step backward. A bug could make it possible for Mr. Evil Guy to replace parts of your microkernel without your authorization. Now that is fun. For highly secure systems I would prefer a static kernel which can't load/replace modules at all.
avenj (Retired Dev)
Joined: 11 Oct 2002, Posts: 495, Location: New Hampshire
Posted: Sat Oct 18, 2003 7:16 pm
asimon wrote:
    avenj wrote:
        Indeed, though that holds true for any monolithic system. That's one of the things I, personally, like about microkernels: Part of the kernel exploitable? Upgrade and replace it without a reboot. Filesystem drivers and network drivers are still a problem (and the underlying microkernel beneath the servers/translators), but it's a step forward.

    From a security point of view it's also a step backward. A bug could make it possible for Mr. Evil Guy to replace parts of your microkernel without your authorization. Now that is fun. For highly secure systems I would prefer a static kernel which can't load/replace modules at all.

If they can do that, they're root, and if they're root, your system is compromised regardless of what kind of kernel you're running.
puke (Tux's lil' helper)
Joined: 05 Oct 2002, Posts: 128
Posted: Sat Oct 18, 2003 9:24 pm
avenj wrote:
    asimon wrote:
        avenj wrote:
            Indeed, though that holds true for any monolithic system. That's one of the things I, personally, like about microkernels: Part of the kernel exploitable? Upgrade and replace it without a reboot. Filesystem drivers and network drivers are still a problem (and the underlying microkernel beneath the servers/translators), but it's a step forward.

        From a security point of view it's also a step backward. A bug could make it possible for Mr. Evil Guy to replace parts of your microkernel without your authorization. Now that is fun. For highly secure systems I would prefer a static kernel which can't load/replace modules at all.

    If they can do that, they're root, and if they're root, your system is compromised regardless of what kind of kernel you're running.

If you compile a monolithic kernel properly, even root can't easily load modules.

This reminds me of the "compiler security" thread. Is my box any more secure now that I've removed the compiler? Let the games begin!

Just so I'm not OT: Gentoo's big plus for me is the ease with which you can upgrade packages, especially due to security vulnerabilities. I mean,

Code:
    emerge sync; emerge problempackage; emerge clean

That's pretty sweet. If you've tested the package first, that's a pretty good argument for running Gentoo on production boxes.

The GCC package problems don't help Gentoo's reputation for stability though... (regardless of bleeding edge or not)
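The point puke and asimon make above (a kernel built without loadable-module support, or with loading locked, leaves root nothing to load) can be checked from procfs. The script below is an added example, not code from the thread or from Gentoo; it assumes /proc/modules exists only on kernels built with CONFIG_MODULES, and that /proc/sys/kernel/modules_disabled (a one-way sysctl present in Linux 2.6.31 and later, after this 2003 thread) reads 1 once loading is locked for the current boot.

```shell
#!/bin/sh
# Added example: report how a Linux kernel treats loadable modules, from the
# procfs view. "$1" is a root prefix so the check can run against constructed
# fixtures; pass "" to inspect the live system.
# Assumptions: /proc/modules is registered only when CONFIG_MODULES is set, and
# /proc/sys/kernel/modules_disabled (Linux 2.6.31+, one-way) is 1 once locked.
module_loading_state() {
    root="$1"
    if [ ! -e "$root/proc/version" ]; then
        echo "procfs-unavailable"       # cannot tell; do not mistake this for "static"
        return 2
    fi
    if [ ! -e "$root/proc/modules" ]; then
        echo "static-no-module-support" # built without CONFIG_MODULES: nobody loads code this way
        return 0
    fi
    if [ -r "$root/proc/sys/kernel/modules_disabled" ] &&
       [ "$(cat "$root/proc/sys/kernel/modules_disabled")" = "1" ]; then
        echo "modules-locked"           # support compiled in, loading disabled until reboot
        return 0
    fi
    echo "modules-loadable"             # root (or a root-equivalent bug) can still load modules
    return 1
}

# Build a constructed procfs fixture so the check can be exercised offline.
# $1 = fixture dir, $2 = "yes" if /proc/modules should exist,
# $3 = value for modules_disabled, or "" to omit the sysctl file entirely.
make_fixture() {
    dir="$1"
    mkdir -p "$dir/proc/sys/kernel"
    echo "Linux version (constructed fixture)" > "$dir/proc/version"
    if [ "$2" = "yes" ]; then
        : > "$dir/proc/modules"
    fi
    if [ -n "$3" ]; then
        echo "$3" > "$dir/proc/sys/kernel/modules_disabled"
    fi
}
```

On a live host, `module_loading_state ""` prints the state and exits non-zero only when modules can still be loaded, so it slots into a hardening audit as a pass/fail step.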
asimon (l33t)
Joined: 27 Jun 2002, Posts: 979, Location: Germany, Old Europe
Posted: Sun Oct 19, 2003 8:47 am
avenj wrote:
    If they can do that, they're root, and if they're root, your system is compromised regardless of what kind of kernel you're running.

That depends. If your assumption always holds true then it may be so. But many security systems fail because their fundamental assumptions are false or don't always hold true. So let's hope that there is no bug in your kernel which could enable a non-superuser to modify the kernel, and that no user could lead root to inadvertently modify the kernel so that this user can do his attack. Also there are systems with a finer rights granularity than root/groups/users; there may not exist one superuser who can do everything.
pranyi (Apprentice)
Joined: 06 Mar 2003, Posts: 293, Location: Germany
Posted: Sun Oct 19, 2003 10:01 am
I don't think that the DistroWatch article is worth discussion at all.
It is nothing but a collection of the most common prejudices.
gatty (n00b)
Joined: 30 Oct 2003, Posts: 1, Location: Reading, UK
Posted: Thu Oct 30, 2003 11:37 am
I am running Gentoo on a dual 2.4GHz Xeon box with 1GB RAM, 80GB system disk, 3 x 120GB data disks on a 3ware card and 2 x AceNIC gigabit cards (trunked) as my research group's central server.

This server is our file server, backup server, web server, DHCP server, and also runs some in-house Java video compression / streaming software (heavily threaded!). It runs multicast-based software which controls a couple of large mobile robots for our research (which netboot off the box), as well as allowing people online access to a number of smaller robots. We also allow certain students to use the processing power for distcc compiling and running Fortran code.

OK, it took me a day to set the box up to do all this (including waiting for the RAID5 to initialise), but IMHO with other distros it would have taken a lot longer to strip out all the junk I don't need and optimise them for the hardware.

Oh, and this box has also been the "victim" of penetration testing by our IT security auditors and they couldn't touch it!

So I would say Gentoo is definitely mission-critical / production environment ready.

- Andy