Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261381AbVB0Min (ORCPT ); Sun, 27 Feb 2005 07:38:43 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261382AbVB0Min (ORCPT ); Sun, 27 Feb 2005 07:38:43 -0500 Received: from science.horizon.com ([192.35.100.1]:12619 "HELO science.horizon.com") by vger.kernel.org with SMTP id S261381AbVB0Mik (ORCPT ); Sun, 27 Feb 2005 07:38:40 -0500 Date: 27 Feb 2005 12:38:39 -0000 Message-ID: <20050227123839.13574.qmail@science.horizon.com> From: linux@horizon.com To: linux-kernel@vger.kernel.org Subject: Re: thoughts on kernel security issues Cc: linux@horizon.com, torvalds@osdl.org Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2497 Lines: 54 I followed the start of this thread when it was about security mailing lists and bug-disclosure rules, and then lost interest. I just looked in again, and I seem to be seeing discussion of merging grsecurity pathes into mainline. I haven't yet found an message where this is proposed explicitly, so if I am inferring incorrectly, I apologize. (And you can ignore the rest of this missive.) However, I did look carefully at an earlier patch that claimed to be a Linux port of some OpenBSD networking randomization code, ostensibly to make packet-guessing attacks more difficult. http://marc.theaimsgroup.com/?l=linux-kernel&m=110693283511865 It was further claimed that this code came via grsecurity. I did verify that the code looked a lot like pieces of OpenBSD, but didn't look at grsecurity at all. However, I did look in some detail at the code itself. http://marc.theaimsgroup.com/?l=linux-netdev&m=110736479712671 What I concluded was that it was broken beyond belief, and the effect on the networking code varied from (due to putting the IP ID generation code in the wrong place) wasting a lot of time randomizing a number that could be a constant zero if not for working around a bug in Microsoft's PPP stack, to (RPC XID generation) severe protocol violation. Not to mention race conditions out the wazoo due to porting single-threaded code. After careful review, I couldn't find a single redeeming feature, or even a good idea that was merely implemented badly. See the posting for details and more colorful criticism. Now, as I said, I have *not* gone to the trouble of seeing if this patch really did come from grsecurity, or if it was horribly damaged in the process of splitting it out. So I may be unfairly blaming grsecurity, but I didn't feel like seeking out more horrible code to torture my sanity with. My personal, judgemental opinion was that if that was typical of grsecurity, it's a festering pile of pus that I'm not going to let anywhere near my kernel, thank you very much. But to the extent that this excerpt constitutes reasonable grounds for suspicion, I would like to recommend a particularly careful review of any grsecurity patches. In addition to Linus' dislike of monolithic patches. Just my $0.02. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/