
List:       lids-user
Subject:    Re: [lids-user] Security hole(s) in the concept of LIDS ?!?
From:       Peter Looyenga <pl () catslair ! org>
Date:       2004-03-23 13:51:19
Message-ID: 20040323135119.GA1738 () linux ! intranet ! lan


> I've found a paper that describes how to take off the LIDS protection
> in only a few steps. I was shocked how easy it was.

Hmm, nothing shocking about it IMO. A bad security model usually results
in a downgrade in security. I don't think you can blame the used
products over this, only the one who has implemented the security

> Sure, this document describes an old version of LIDS. But what if
> there exist similar weaknesses by now?

The only real weakness I've picked up in that document was bad design.
As you can read, the whole concept relies on security inheritance, which
is a bad thing to use by design, just due to cases like this.

The whole article is also pretty obsolete by now; with the several
states the system can be in (BOOT, POSTBOOT, SHUTDOWN) even a bad design
like the one the author used wouldn't have to leave these holes since
init would then have an inheritance of 1000 during BOOT and 0 during
POSTBOOT; problem solved.

-- 
Groetjes, Peter

.\\ PGP/GPG key: http://www.catslair.org/pubkey.asc

