
Welcome to IWETHEY!

New WP: Linus on Linux kernel security and more.
Washington Post.

It's aimed at a lay-audience, so a lot of it is dumbed down. But it's still interesting.

I'm not sure I agree with this though:

Even without a potential nuclear disaster, the stakes are high. Operating system kernels are the most essential code on any computer, allowing hardware to work smoothly with multiple pieces of software. This makes kernels uniquely powerful — they can override the safeguards on any other program, meaning nothing on a computer is truly secure if the operating system kernel is not.


A kernel is designed to let other programs run and access the machine. The phrasing seems to imply that a kernel can break the security of running programs. That seems nonsensical to me. A virus isn't a kernel, and an infected kernel is a kernel running a virus - not a kernel itself.

That last sentence tells you the slant of the article.

Any system that allows writing to memory is potentially insecure. I believe it's been proven that you cannot have a system that can be verified to be virus-proof. (I.e. checking for virus signatures only goes so far - what if the list is changed? Etc.)

(via Mary Zeman on G+)

Cheers,
Scott.
New Re: WP: Linus on Linux kernel security and more.
Well, that sucks. Can't view a G+ post unless signed in to Google.

Strike one more thing from the short list of "reasons G+ is better than Facebook".
New Interesting. I wonder how new that is. :-(
New I believe it's been proven that you cannot have a system that can be verified to be virus-proof.
hogwash, we were doing it in the 1990s and can still do it
build a *nix off of the network with preselected network routing info with no hd only a readonly floppy/usb stick
remove uid 0
(edit added a wrong step)
Good luck breaking into that
you can kill people for America at age 18 but need to be 21 to buy a beer
Edited by boxley Nov. 5, 2015, 10:23:16 PM EST
New And don't turn it on
--

Drew
New Fred Cohen in 1987.
An Undetectable Computer Virus (8 page .pdf):

One of the few solid theoretical results in the study of computer viruses is Cohen's 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses [1]. This brief paper adds to the bad news, by pointing out that there are computer viruses which no algorithm can detect, even under a somewhat more liberal definition of detection. We also comment on the senses of "detect" used in these results, and note that the immediate impact of these results on computer virus detection in the real world is small.


Yes, there are ways to keep computers from being infected under most circumstances, but you cannot make - and prove - that a computer system is virus-proof.

HTH.

Cheers,
Scott.
New And that only works if you trust the compiler, too. :-)
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
New back in those days we built the compilers :-)
you can kill people for America at age 18 but need to be 21 to buy a beer
New Ah, but what did you compile them with?
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
New Oooh. Nice. Thanks muchly. (Interesting comments too.)
New assembler, required for a cs degree in 1992
had to do the boss's wife's homework.
you can kill people for America at age 18 but need to be 21 to buy a beer
New Who wrote the assembler?
You didn't construct the executable image by hand in a hex editor.

But if you did, who wrote the hex editor?

Turtles all the way down!
New Beat me to it.
I like turtles.
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
New FTW!
https://www.youtube.com/watch?v=CMNry4PE93Y (0:17)

Portland, of course. :-)

Cheers,
Scott.
New I wrote the assembler for the machine code but ya got me using a hex editor
you can kill people for America at age 18 but need to be 21 to buy a beer
New Did you poke the holes out of the paper tape with a pin? No? Pussy
--

Drew
New that was before my time sorry
you can kill people for America at age 18 but need to be 21 to buy a beer
New Where does using a Flexowriter fit?
Friden Flexowriter.

You hit typewriter keys and it punches the holes in paper tape.

A manual paper tape punch was only used for editing.

My first bit of code was machine code (homework assignment without benefit of assembler) and we did that in octal (not hex). The machine had an 18-bit word architecture, so it took 6 octal digits to specify a word. So, the code would have looked something like this:

145703
342521
231453
...

The professor wanted us to appreciate the convenience of an assembler!
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."

-- Isaac Asimov
New You ... win?
Not quite sure that's the right word for that.
--

Drew
New Alex and Skip win all those argies hands down
you can kill people for America at age 18 but need to be 21 to buy a beer
New :-)
My first "program" (to brute-force find and print prime numbers) was on a teletype with a paper tape punch/reader. 300 baud FTW!

Neat story! I hope you're documenting these things in more detail somewhere! :-)

Cheers,
Scott.
New Well, it was the TX-0 computer, and a historical machine.
Computer History Museum.



It was the first computer to ever use both transistors for the circuitry and ferrite cores for memory. It was a single copy, proof of concept, machine built at MIT Lincoln Labs. It was a re-implementation of the vacuum tube based Whirlwind computer. Originally with 64 K words, it was downgraded to 4 K words when given to MIT's EE department. That original memory was redeployed in the MIT Lincoln Lab's TX-2 computer, a 36-bit machine.

As a side note, note the rectangular gray area to the left of the middle chair's backrest. That is an array of 16 x 18 toggle switches which coded the "boot loader" i.e. a bit like BIOS.

The circuit designer was Ken Olson who, soon after the TX-2 project, started DEC (Digital Equipment Corp) and started making and selling the PDP-1 computer. Ken was good enough to give a PDP-1 to MIT. It was across the hall from my office, so I got to play with it on occasion.
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."

-- Isaac Asimov
New Just the compiler?
http://www.reuters.com/article/2015/02/17/us-usa-cyberspying-idUSKBN0LK1QV20150217
The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.


http://www.theregister.co.uk/2015/02/17/kaspersky_labs_equation_group/
Kaspersky's analysis says the NSA made a breakthrough by infecting hard disk firmware with malware known only as nls_933w.dll capable of persisting across machine wipes to re-infect targeted systems.

.dll? Oh, wait...
New Not quite nonsensical
Malware running in kernel mode has free access to everything. If it can inject itself in a driver chain, all data that flows through there is accessible.

But implying Linux was the enabling cause of the Ashley Madison hack is pure FUD. Nothing definite about the breach point has been released, AFAIK, but if the perps are to be believed, the root account password on all servers was Pass1234. With friends like that, you do not need kernel vulnerabilities :-/
New O_o
I know it wasn't a financial system, but seriously...? Because no-one would ever want to hack into something like that...

smh...
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
New Sure, but...
This is a semantic argument on my part, and maybe I've got it wrong, but I would argue that a virus running in a protected kernel mode on a processor is still a virus and not a kernel itself. Maybe the author had to try to simplify the discussion, but the way I read what was written is (roughly):

"Because Linus is stubborn and in over his head when it comes to security, his kernel can take over a nuclear power plant and kill millions of people."

:-/

The password thing is all too believable...

Thanks.

Cheers,
Scott.
New Why even bother hacking the kernel?
That's hard - both to do and to exploit once you've done it.

Much easier to rely on the fact that either the application stack is vulnerable or, even more likely, a human being fucked things up.
New Indeed
     WP: Linus on Linux kernel security and more. - (Another Scott) - (27)
         Re: WP: Linus on Linux kernel security and more. - (pwhysall) - (1)
             Interesting. I wonder how new that is. :-( -NT - (Another Scott)
         I believe it's been proven that you cannot have a system that can be verified to be virus-proof. - (boxley) - (19)
             And don't turn it on -NT - (drook)
             Fred Cohen in 1987. - (Another Scott)
             And that only works if you trust the compiler, too. :-) -NT - (malraux) - (16)
                 back in those days we built the compilers :-) -NT - (boxley) - (14)
                     Ah, but what did you compile them with? - (malraux) - (13)
                         Oooh. Nice. Thanks muchly. (Interesting comments too.) -NT - (Another Scott)
                         assembler, required for a cs degree in 1992 - (boxley) - (11)
                             Who wrote the assembler? - (pwhysall) - (10)
                                 Beat me to it. - (malraux) - (1)
                                     FTW! - (Another Scott)
                                 I wrote the assembler for the machine code but ya got me using a hex editor -NT - (boxley) - (7)
                                     Did you poke the holes out of the paper tape with a pin? No? Pussy -NT - (drook) - (6)
                                         that was before my time sorry -NT - (boxley)
                                         Where does using a Flexowriter fit? - (a6l6e6x) - (4)
                                             You ... win? - (drook) - (1)
                                                 Alex and Skip win all those argies hands down -NT - (boxley)
                                             :-) - (Another Scott) - (1)
                                                 Well, it was the TX-0 computer, and a historical machine. - (a6l6e6x)
                 Just the compiler? - (scoenye)
         Not quite nonsensical - (scoenye) - (4)
             O_o - (malraux)
             Sure, but... - (Another Scott)
             Why even bother hacking the kernel? - (pwhysall) - (1)
                 Indeed -NT - (scoenye)
