Re: RFC: disablenetwork facility. (v4)

---

• From: Michael Stone <michael@xxxxxxxxxx>
• Date: Sun, 27 Dec 2009 11:36:10 -0500

---

Serge Hallyn writes:

Michael Stone writes:

The first reason why I'm not too worried is that anyone in a position to use
disablenetwork for nefarious purposes is also probably able to use ptrace(),
kill(), and/or LD_PRELOAD to similar ends.

How do you mean?

I meant that, with the current interface, to set disablenetwork for pid P, you
have either be pid P or to have been one of P's ancestors. In either case, you
have lots of opportunity to mess with P's environment.

I thought that disabling network was a completely
unprivileged operation? And subsequently executing a setuid-root
application won't reset the flag.

Correct and correct for the current patches.

The second reason why I'm not too worried is that I believe it to be
straightforward to use the pre-existing MAC frameworks to prevent individually
important processes from dropping networking privileges.

Do you have a specific concern in mind not addressed by either of these
observations?

Near as I can tell the worst one could do would be to prevent remote
admins from getting useful audit messages, which could give you unlimited
time to keep re-trying the server, on your quest to a brute-force attack
of some sort, i.e. restarting the server with random passwords, and now
no audit msg about the wrong password gets generated, so you're free to
exhaust the space of valid passwords.

Not saying I'm all that worried about it - just something that came to
mind.

I'll think about it further. Fortunately, there's no need to be hasty. :)

Michael
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: RFC: disablenetwork facility. (v4)
    • From: Pavel Machek

• References:
  • Re: RFC: disablenetwork facility. (v4)
    • From: Serge E. Hallyn

• Prev by Date: [RFC][PATCH] genirq: Introduce IRQF_ALLOW_NESTED flag for request_irq()
• Next by Date: Re: sky2 panic in 2.6.32.1 under load (new oops)
• Previous by thread: Re: RFC: disablenetwork facility. (v4)
• Next by thread: Re: RFC: disablenetwork facility. (v4)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Networking security question ... > that could endanger the server? ... Quickly coming to mind are two senarios. ... software) and logs all passwords, then breaks into the SBS account. ... (microsoft.public.windows.server.sbs) RE: VmWare and Pen-test Learning ... Setup a tftp server on your client machine. ... Use John the Ripper to crack the passwords. ... (dictionary attacks, brute force, single mode). ... Download FREE whitepaper on how a managed service can help ... (Pen-Test) Re: Strange SSID in the air... ... the cable modem assigning Gateway+DNS to the Linksys router etc.)? ... to verify that DNS lookups actually point to the real web site. ... from overloading one server, while another remains under-utilized. ... dumb applications that are not very smart about encrypting passwords. ... (alt.internet.wireless) Re: unified authentication ... > I have a number of FreeBSD machines. ... Each *class* of server or device gets a different root password (or ... root/enable passwords, and have a bit less worry about ex-employees. ... only sysadmins have logins on routers.) ... (FreeBSD-Security) Re: Strange SSID in the air... ... the cable modem assigning Gateway+DNS to the Linksys router etc.)? ... to verify that DNS lookups actually point to the real web site. ... from overloading one server, while another remains under-utilized. ... dumb applications that are not very smart about encrypting passwords. ... (alt.internet.wireless)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Mailing-Lists  > Kernel  > 2009-12