Re: Checking integrity of /sbin/init from within kernel
On Tuesday, October 1, 2002, at 11:30 AM, Torsten Valentin wrote:
>
>>> You could say that it could be easy to create a kernel with my
> signature
>>> in it, but it isn't. You cannot read the signature from the kernel,
>> why is it not possible to read this 'signature'?
>
> If you'd want to read the shared secret, you'd have to debug the kernel
> binary to see where it's stored. If you obfuscate the shared secret in
> the kernel this is a hard job to do. I agree that everything that a
As said before, just replace your kernel and init with a stock one,
or a modified one, which exactly prints the messages you expect.
> computer can do (by executing command by command) can be done manually
> by a human and therefore can also be decrypted/hacked. All Chinese
> people together could probably hack a 4096-bit PGP key if they had just
> one calculator each within a few years. Nevertheless I regard a
> 4096-bit PGP key as secure at the moment.
No, no. You mix up infeasible with just requiring dedication and skill.
> It's the amount of effort that's necessary to crack any kind of
> protection. I doubt there's a lot of people having the capability and
> time to debug the kernel-binary and search for the shared secret that's
> being read by /sbin/init and understand the way you obfuscated it.
>
>>> I think it's a huge improvement in security!
>> how? you just have to replace both 'signatures' or disable the
>> checks.
>
> You say this, as if this was something you'd do just between getting up
> and shaving in the morning.
Your scheme is just another instance of security through obscurity.
>
> In case of the kernel this would mean that you'd have to debug a
> kernel-binary. I know this is theoretically possible, but did you ever
> do this? How big is the chance that your attacker has the skills and
> the time to do this? And how much time will this take him? When I say it
probably just changing a single conditional jump. Or (again) just
replacing your kernel and init.
> I'm still sure that this would improve security, but I admit that this
> might not be as secure as we would want it to be. Anyway, I don't
> know of a better way to achieve this.
>
Start with preventing physical access to the machine!
Otto
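To make the point of the exchange concrete, here is the scheme under discussion reduced to a few Python functions. This is an added illustration, not code from the thread or from either poster; the init image, the kernel image, the shared secret and the XOR mask are constructed stand-ins. `verify_init` is the kernel-side check (an HMAC over init under the embedded secret, ending in one comparison), `find_secret_in_image` is the self-check a builder would run on their own kernel image to see whether the "obfuscated" secret survives a trivial scan, and `verify_init_digest` is the contrasting design in which nothing in the verifier needs to stay secret, only the reference value needs to be unmodifiable.

```python
import hashlib
import hmac

# Constructed stand-ins (not real binaries): the bytes of /sbin/init, the
# shared secret the scheme embeds in the kernel, and the one-byte XOR mask
# used as "obfuscation" (all assumptions, not values from the thread).
INIT_IMAGE = b"\x7fELF constructed stand-in for /sbin/init\n"
SHARED_SECRET = b"hypothetical-shared-secret-in-kernel"
XOR_MASK = 0x5A


def obfuscate(secret: bytes, mask: int = XOR_MASK) -> bytes:
    """XOR-mask the secret so it does not sit in the image as a plain string."""
    return bytes(b ^ mask for b in secret)


# Constructed kernel image: a version banner, the masked secret somewhere in
# the data, and some zero padding.
KERNEL_IMAGE = (
    b"Linux version 2.4.x (constructed)\x00"
    + obfuscate(SHARED_SECRET)
    + b"\x00" * 16
)


def init_tag(image: bytes, secret: bytes) -> bytes:
    """The 'signature' the scheme checks: HMAC-SHA256 of init under the secret."""
    return hmac.new(secret, image, hashlib.sha256).digest()


def verify_init(image: bytes, secret: bytes, expected_tag: bytes) -> bool:
    """Kernel-side check as described in the thread. Whatever surrounds it,
    the decision is a single boolean: the 'one conditional jump' in the reply."""
    return hmac.compare_digest(init_tag(image, secret), expected_tag)


def find_secret_in_image(image: bytes, secret: bytes):
    """Builder's self-check on their own artifact: under which single-byte XOR
    mask does the secret appear verbatim in the image? Returns the mask, or
    None if no such mask exists. A hit means the secret's confidentiality
    rests on 8 bits of obscurity, not on a key."""
    for mask in range(256):
        if bytes(b ^ mask for b in secret) in image:
            return mask
    return None


# Contrasting design: a plain digest of init. There is no secret to hide;
# the reference digest must be protected against modification (read-only
# media, no physical access), which is what the reply's last line is about.
INIT_REFERENCE_DIGEST = hashlib.sha256(INIT_IMAGE).digest()


def verify_init_digest(image: bytes, reference: bytes = INIT_REFERENCE_DIGEST) -> bool:
    """Integrity check that needs integrity of the reference, not its secrecy."""
    return hmac.compare_digest(hashlib.sha256(image).digest(), reference)


if __name__ == "__main__":
    tag = init_tag(INIT_IMAGE, SHARED_SECRET)
    print("HMAC check on unmodified init:", verify_init(INIT_IMAGE, SHARED_SECRET, tag))
    print("HMAC check on altered init:   ", verify_init(INIT_IMAGE + b"!", SHARED_SECRET, tag))
    print("mask under which the secret is visible in the kernel image:",
          find_secret_in_image(KERNEL_IMAGE, SHARED_SECRET))
    print("digest check on unmodified init:", verify_init_digest(INIT_IMAGE))
```

The self-check returns the mask immediately, which is the point the reply makes: once the secret is readable from the kernel image, anyone who can write both the kernel and init can recompute the tag, so the HMAC variant is only as strong as the obscurity of the mask. The digest variant makes the real requirement explicit: the verifier and its reference must be unmodifiable by the attacker, and that is a property of who can write to the boot medium, not of how well a value is hidden.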