Re: Is Fedora, or Linux in general, vulnerable to a "paging exploit" like Vista appears to be?

On Thu, Oct 19, 2006 at 12:33:28PM -0700, Douglas Phillipson wrote:

Can a non-root or even a root owned process access the swap space.

non-root: no. (unless the user is a member of group 'disk' -- which by
default, no user should be)
root: yes, but at that point, you've lost anyway, and there are far
more fun things to do than scribble on swap space.

I'm not 100% certain, but SELinux may also add an additional restriction
to who can touch raw disks. You may need policy adjustments if you're
running in enforcing mode. It's certainly doable, I'm just not sure
if our current policy enforces this.

file on Windows which probably makes it easier than Linux. Swap on
Linux typically is a unformatted file system, but can be a file in the
file system if desired.

That file won't be writable by anyone other than root.

The key phrase in that pdf is this..

"Vista allows usermode app to get raw access to disk"

G A M E O V E R .

This is pretty damned amazing that they haven't considered this a
fundamental security problem, as it bypasses any form of access controls
that are placed on files, allowing for all sorts of fun even without
owning the box as described in this paper.

As I understand the exploit, Microsoft has
implemented a policy with Vista that only drivers "Signed" by Microsoft
can be installed on Vista. This "Paging" exploit completely bypasses
this requirement, easily.

The whole notion of pagable device drivers is utter lunacy to begin with.
Combined with the above brain damage, it's trivially exploitable, and
unless they fix this before GA, I wouldn't be surprised if a whole slew
of malware starts abusing this.

Dave

--
http://www.codemonkey.org.uk

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: Password Aging and System Accounts
    ... > have a policy where they don't age their root passwords? ... the Policy of password aging apply to the root account, ... Logins from the system console as root are ...
    (comp.unix.admin)
  • Re: Password Aging and System Accounts
    ... > have a policy where they don't age their root passwords? ... the Policy of password aging apply to the root account, ... Logins from the system console as root are ...
    (comp.security.unix)
  • Re: networking xp to vista
    ... I am trying to access the C: drive not the root drive. ... Ron comuter administrator and my vista has Ron administrator as the user ... UI only allows this through the advanced sharing option. ... permissions on a file share are a combination of Folder and Share ...
    (microsoft.public.windows.vista.networking_sharing)
  • Re: GPO Limts
    ... The exception to these rules is block policy inheritance, ... The Computer section of a GPO is applied during boot-up. ... Computer OU (diffrent GP applied with same entrys) ... same entrys as both root and computer) ...
    (microsoft.public.windows.server.active_directory)
  • Re: [kde-linux] Hotplug (USB) Problem with KDE 3.5.5 - dbus/hal - SOLVED
    ... Not by adding ALL users to the group 'plugdev' ... ... dbus and hal. ... If you look at the config file '/etc/dbus-1/system.d/hal.conf' you can find the following policy ... # Xstartup - run as root before session starts ...
    (KDE)