Security

News and Editorials

Report from the USENIX security module BOF. The Linux Security Module project got its start at the Kernel Hackers' Summit back in March; there, Linus Torvalds said that he wanted to see a single, well-defined interface for the addition of enhanced security mechanisms to the Linux kernel. Numerous security hackers have been working on this interface since then; a fair amount of real code has been produced.

The security module group met in person, perhaps for the first time, at a BOF session at the USENIX technical conference in Boston. Thanks to Emily Ratliff, we have a summary of what happened there. It is an interesting view into the future of enhanced Linux security.

For example: should security-related modules be allowed to implement policy that is more permissive than what the system would do normally? The conclusion at the BOF seems to have been that security modules should only have veto power. This decision restricts the scope of the security policies that can be implemented, but it also makes it easier to have confidence in the security of the resulting system. When security modules can open new doors, they can also open new holes; disallowing this capability for now will make it easier to get a secure framework in place soon.

There still hasn't been a decision on whether the Linux capability mechanism should be split out and implemented as a security module. Capabilities are currently wired deeply into the kernel and would take some work to extract. Implementing them as a security module would increase flexibility, however, and provide a heavily-used demonstration of the security module interface.

Should security decisions relative to files be made based on the pathname of the file, or on its inode? Different projects have made different decisions in this regard, and the security module structure currently supports both modes. Some fear that this implementation may be seen as an excessive duplication of functionality.
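The veto-only conclusion reported above can be seen in a small user-space model. This is an added example, not code from the security module patch; every name in it (`struct request`, `hook_fn`, `check_access`, the two sample modules) is hypothetical, and the sample requests are constructed.

```c
#include <stdio.h>
#include <string.h>

#define DENY (-13)   /* mirrors -EACCES */
#define R 4u
#define W 2u

struct request {
    unsigned uid, owner, mode, want;  /* mode: owner bits in <<6, other bits low */
    const char *path;
};

typedef int (*hook_fn)(const struct request *);  /* <0 = veto, else no objection */

/* Base decision the system would make with no modules loaded. */
static int base_check(const struct request *r)
{
    unsigned bits = (r->uid == r->owner) ? (r->mode >> 6) : r->mode;
    return ((bits & 7u & r->want) == r->want) ? 0 : DENY;
}

/* Restrictive module: vetoes non-root writes under /etc. */
static int etc_readonly(const struct request *r)
{
    if (r->uid != 0 && (r->want & W) && strncmp(r->path, "/etc/", 5) == 0)
        return DENY;
    return 0;
}

/* Misbehaving module: tries to "grant" access with a positive return. */
static int grant_all(const struct request *r) { (void)r; return 1; }

/* Veto-only composition: a base denial is final, and a module can only
 * turn an allow into a deny, never the reverse. */
static int check_access(const struct request *r, hook_fn *hooks, size_t n)
{
    int rc = base_check(r);
    if (rc < 0)
        return rc;                    /* modules are never consulted */
    for (size_t i = 0; i < n; i++)
        if (hooks[i](r) < 0)
            return DENY;
    return 0;
}

int main(void)
{
    hook_fn hooks[] = { etc_readonly, grant_all };
    struct request a = { 1000, 0,    0600, R, "/etc/shadow" };   /* base denies */
    struct request b = { 1000, 1000, 0644, W, "/etc/motd" };     /* module vetoes */
    struct request c = { 1000, 1000, 0644, W, "/home/u/notes" }; /* allowed */
    printf("%d %d %d\n", check_access(&a, hooks, 2),
           check_access(&b, hooks, 2), check_access(&c, hooks, 2));
    return 0;
}
```

Because `grant_all` cannot change the outcome for the first request, reviewing a module under this rule only means asking what it might wrongly refuse, not what it might wrongly allow.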
Finally, should the security module implementation be submitted for inclusion in 2.5, once that series opens up? Probably not, as it turns out. There are a number of issues still needing to be worked out, including basic things like the locking requirements for security hooks. It would be a good idea, however, to get this patch into 2.5 relatively early. It will need a great deal of testing and review before it is ready for a stable release.

A study in scarlet. Shaun Clowes has posted the text of a presentation of his entitled A Study In Scarlet; it covers a long list of security traps in the PHP programming language. PHP provides a great deal of functionality and makes life easy for the programmer, but it also makes it easy to open up security holes on the system. Anybody who writes PHP code for the net should probably have a look at this text, followed by a long look at the code.

Another IPFilter license change. The difficulties with the licensing of the BSD IPFilter package were covered in the May 24 LWN weekly edition. Now, according to the OpenBSD Journal, the license has changed again. The new license allows modification and redistribution, and thus appears to be a free software license. It resembles the BSD license, with one exception: it explicitly disallows placing the code under the GPL.

Security Reports

User input validation error in GNATS. Joost Pol found a problem in the GNATS bug tracking system; a properly-constructed URL passed to the help system can result in the reading of any file on the system that is accessible to GNATS. See this advisory for details and upgrade information.

PHP 4.0.5 vulnerabilities.
Joost Pol has reported a couple of
vulnerabilities in PHP 4.0.5. Both of them require that the attacker
be able to load PHP scripts on the target machine. The first involves a
new argument to the mail() function, which can be used to execute
commands on the server. The second is a violation of the "safe mode"
policy which can expose unwanted files to the net. No fix is available at
this time.

Updates

Samba buffer overflow. See the June 28 LWN security page for the initial report on the Samba macro vulnerability.

scotty (ntping) buffer overflow. See the June 28 LWN security page for the initial report of this buffer overflow problem with scotty.

xinetd buffer overflow. Check the June 14th LWN Security Summary for the initial report. The buffer overflow is in the ident logging portion of xinetd, so one workaround to the problem is to disable ident logging. Since then, more extensive problems have been found in string handling in xinetd, and the current round of updates addresses them.

Zope Zclass security update.

Events

Upcoming Security Events.
For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Jonathan Corbet
July 4, 2001