[LWN Logo]
[LWN.net]

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters
All in one big page

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
January 24, 2002

   
From:	 Adrian Hosey <alh@warhound.org>
To:	 lwn@lwn.net
Subject: kernel modules and security
Date:	 Thu, 17 Jan 2002 08:56:39 -0500 (EST)


> Not everybody likes this idea. Many people build kernels with no loadable
> module support at all, and wish to continue doing so. Their reasons
> include:
>
>    * Security. Some people feel safer if there is not an easy way to
>      patch code into their running kernels. The fact of the matter,
>      though, is that the Bad Guys figured out how to modify a running
>      kernel some time ago, whether or not that kernel has loadable module
>      support."


This is specious reasoning. Security is about probabilities and
possibilities. By closing as many avenues as possible, I reduce the
probability of being a victim. There may be a very few Bad Guys out there
who know how to take advantage of a modular kernel, but there are even
fewer who know how to modify a running static kernel.

Let's estimate that 1 thief in 1000 carries a set of lockpicks. You still
lock the door to your home don't you? To keep out the other 999? Saying
that "A does not matter because some small number of people know how to do
B" just does not follow.


-- 
I am woefully underprepared to rock.
   
From:	 "Brad Spengler" <bspengle@bucknell.edu>
To:	 <lwn@lwn.net>
Subject: about module security
Date:	 Thu, 17 Jan 2002 21:21:22 -0500

>From the kernel section:
>"Security. Some people feel safer if there is not an easy way to patch
>code into their running kernels. The fact of the matter, though, is that
>the Bad Guys figured out how to modify a running kernel some time ago,
>whether or not that kernel has loadable module support."

You failed to mention that it's trivial to also stop the only other
method attackers are able to use to modify the kernel code without
module support.  It's a simple one-line patch that has been shown in the
newest edition of phrack and will be included in grsecurity 1.9.3 with
logging.  So, really, the security of module support isn't a "non-issue"
as you claim it to be.

-Brad
http://grsecurity.net
   
From:	 David.Kastrup@t-online.de (David Kastrup)
To:	 letters@lwn.net
Subject: A sidenote to the AOL/RedHat merger story
Date:	 20 Jan 2002 21:08:10 +0100


When this letter is published, matters will probably have long cleared
up.  Whichever way they do this, I would like to remind people of a
small thing that has been widely overlooked.

When RedHat was afloat with market capitalization, they acquired a
strategic asset before anybody else could.  Cygnus, a comparatively
small company in charge of the development of gcc, the GNU compiler
collection.  This compiler is crucial as infrastructure to most Free
Software projects.  Linux would not have happened without it.  The
quality of the generated code currently is good, mostly.  It usually
cannot hold water compared to the best commercial compilers with a
larger development crew and probably less portability, but it is good
enough to be workable for most projects on a wide range of platforms.
Competitiveness of free software hinges upon the quality of this
project, and its ability to cope with the idiosyncrasies of frequently
emerging new processor architectural details.

For this reason alone, the purported deal cannot be shrugged off in
the vein of "well, if RedHat goes down the drain, there will be dozens
of other distributions remaining".  The clout (or lack of it) behind
gcc development is crucial for Free Software.  So let's all hope for
the best.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum
Email: David.Kastrup@t-online.de
   
From:	 Dylan Griffiths <Inoshiro@kuro5hin.org>
To:	 letters@lwn.net
Subject: Shortsightedness of some kernel developers.
Date:	 Thu, 17 Jan 2002 17:10:58 -0600

	Since no one seems to have pointed this out, much more than "Aunt Tilly" 
would benefit from an autoconfiguration system for Linux.  Ever deploy 
Linux on a 6 box homogeneous network?  You can share your kernel config. 
BUT, move to a company with a few hundred boxes, each one from a different 
generation of purchasing... and you find out, you really need that 
autoconfig.  That way you can script deployment in ways you currently can't.

	Added functionality like this doesn't make "the 31337" less so, it merely 
opens up more possibilities.  Precisely why I started using Linux 
specifically, and computers in general.
-- 
     www.kuro5hin.org -- technology and culture, from the trenches.
                          -=-=-=-=-=-
Those that give up liberty to obtain safety deserve neither.
  -- Benjamin Franklin
   http://www.zdnet.com/zdnn/stories/news/0,4586,2812463,00.html
   http://slashdot.org/article.pl?sid=01/09/16/1647231
                          -=-=-=-=-=-
   
From:	 Guy Harris <gharris@sonic.net>
To:	 Bryan Henderson <bryanh@giraffe-data.com>
Subject: Re: buffer overruns - helpful tool
Date:	 Thu, 17 Jan 2002 23:44:35 -0800
Cc:	 letters@lwn.net

> asprintf() is a surprisingly little-used GNU C library routine.  It's 
> special to the GNU library, so you can use it only in Linux-only code.

No, and no.

% uname -sr
FreeBSD 3.4-RELEASE
% man asprintf

PRINTF(3)              FreeBSD Library Functions Manual              PRINTF(3)

NAME
     printf, fprintf, sprintf, snprintf, asprintf, vprintf, vfprintf,
     vsprintf, vsnprintf, vasprintf - formatted output conversion

SYNOPSIS
     #include <stdio.h>

	...

     int
     asprintf(char **ret, const char *format, ...)

	...

DESCRIPTION
     The printf() family of functions produces output according to a format as
     described below.  Printf() and vprintf() write output to stdout, the
     standard output stream; fprintf() and vfprintf() write output to the giv-
     en output stream; sprintf(), snprintf(), vsprintf(), and vsnprintf()
     write to the character string str; and asprintf() and vasprintf() dynami-
     cally allocate a new string with malloc(3).

		...

     Asprintf() and vasprintf() return a pointer to a buffer sufficiently
     large to hold the string in the ret argument; This pointer should be
     passed to free(3) to release the allocated storage when it is no longer
     needed.  If sufficient space cannot be allocated, asprintf() and
     vasprintf() will return -1 and set ret to be a NULL pointer.

		...

NetBSD and OpenBSD have it as well.

So perhaps it should be rephrased as

	asprintf() is a surprisingly little-used GNU C library and BSD C
	library routine.  It's special to the GNU library and the
	{Free,Net,Open}BSD C libraries, so you can use it only in code
	that only runs on free UNIXes, unless you use your own copy of
	asprintf on UNIXes lacking it, or, on those platforms, use GNU
	libiberty:

		http://gcc.gnu.org/onlinedocs/libiberty/

	which includes asprintf().
 

 

 
Eklektix, Inc. Linux powered! Copyright © 2002 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds