[bcc'd to Dan Goodin @ theregister]
If anyone wants a choice quote from me about the recent Linux holes,
this is what I have to say:
Linus is too busy thinking about masturbating monkeys; he doesn't
have time to care about Linux security.
For the record, this particular problem was resolved in OpenBSD a
while back, in 2008. We are not super proud of the solution, but it
is what seems best faced with a stupid Intel architectural choice.
However, it seems that everyone else is slowly coming around to the
same solution.
The commit message:
CVSROOT: /cvs
Module name: src
Changes by: deraadt@cvs.openbsd.org 2008/06/24 15:24:03
Modified files:
sys/arch/alpha/include: vmparam.h
sys/arch/amd64/include: vmparam.h
sys/arch/arm/include: vmparam.h
sys/arch/i386/include: vmparam.h
sys/arch/sh/include: vmparam.h
sys/arch/sparc/include: vmparam.h
sys/arch/vax/include: vmparam.h
sys/arch/sh/sh : trap.c
Log message:
On user/kernel shared page table machines, do not let processes map their
own page 0, as discussed with miod (and many others previously, including
art and toby). On sparc, make this basically they are resisting this for Windows binary compatibility
Ironic, isn't it? If anyone else tells you that is not the #1
reason, they are lying. We decided we don't care about Wine.
2) At least three of our developers were aware of this exploitation
method going back perhaps two years before the commit, but we
gnashed our teeth a lot to try to find other solutions. Clever
cpu architectures don't have this issue because the virtual address
spaces are separate, so i386/amd64 are the ones with the big impact.
We did think long and hard about tlb bashing page 0 every time we
switch into the kernel, but it still does not look attractive from
a performance standpoint.
3) Last week a bug was found in OpenBSD's kernel which was locally
exploitable before the commit on Jun 24, 2008. After that fix,
it simply becomes a kernel crash; you cannot gain privilege from
it. The reality is that kernel bugs will always exist, no matter
how hard we try. Our focus therefore is always on finding innovative
ideas which make bugs very hard to exploit successfully. Bugs will
exist. At least they should be more difficult to exploit.
4) Note the date of the commit, 2008/06/24. Interestingly, this commit
was done 1 month before Linus posted this:
http://article.gmane.org/gmane.linux.kernel/706950
I'm glad we care about security and trying to make things better, and
I am glad that Linus prefers to write articles about monkey
masturbation. In life, everyone should stick to what they know the
most about. Because Linus knows dick all about security research.
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Gilles Chehade on
2009-11-03T23:34:57+00:00
On Tue, Nov 03, 2009 at 04:58:25PM -0700, Theo de Raadt wrote:
> [bcc'd to Dan Goodin @ theregister]
>
> If anyone wants a choice quote from me about the recent Linux holes,
> this is what I have to say:
>
> Linus is too busy thinking about masturbating monkeys; he doesn't
> have time to care about Linux security.
>
I was considering offering him this:
http://www.wellcoolstuff.com/Merchant2/graphics/00000001/20-Apr-07-05.jpg
But couldn't get my hands on one yet ;-)
Gilles
http://www.poolp.org
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Claire beuserie on
2009-11-04T01:03:28+00:00
Hi,
On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt <deraadt@cvs.openbsd.org> wrote:
> 2) At least three of our developers were aware of this exploitation
> method going back perhaps two years before the commit, but we
> gnashed our teeth a lot to try to find other solutions. Clever
> cpu architectures don't have this issue because the virtual address
> spaces are separate, so i386/amd64 are the ones with the big impact.
> We did think long and hard about tlb bashing page 0 every time we
> switch into the kernel, but it still does not look attractive from
> a performance standpoint.
>
I'm confused.
That came out a bit weird: are you saying you knew about the bug for 2 years
but did not fix it?
c.b-
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Gonzalo Lionel Rodriguez on
2009-11-04T01:10:05+00:00
2009/11/3 Claire beuserie <claire.beuserie@gmail.com>:
> Hi,
>
> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt
<deraadt@cvs.openbsd.org>wrote:
>
>> 2) At least three of our developers were aware of this exploitation
>> method going back perhaps two years before the commit, but we
>> gnashed our teeth a lot to try to find other solutions. Clever
>> cpu architectures don't have this issue because the virtual address
>> spaces are separate, so i386/amd64 are the ones with the big impact.
>> We did think long and hard about tlb bashing page 0 every time we
>> switch into the kernel, but it still does not look attractive from
>> a performance standpoint.
>>
>
> I'm confused.
>
> That came out a bit weird: are you saying you knew about the bug for 2
years
> but did not fix it?
>
>
> c.b-
>
>
Linux way.
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Cor on
2009-11-04T01:50:22+00:00
My interpretation is that yes, they identified it as a possibility, but
due to limitations of the Intel platform, there wasn't an obvious,
clean, "correct" way to fix it.
I don't think this is a "primary" exploit, however. You would have to
have a buffer overflow or something in some other app first. Fixing
this, as someone stated, mitigates the consequences of other primary
exploits. But feel free to correct me if I'm wrong (do I really need to
say that? :)
C2
Claire beuserie wrote:
> Hi,
>
> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt <deraadt@cvs.openbsd.org> wrote:
>
>
>> 2) At least three of our developers were aware of this exploitation
>> method going back perhaps two years before the commit, but we
>> gnashed our teeth a lot to try to find other solutions. Clever
>> cpu architectures don't have this issue because the virtual address
>> spaces are separate, so i386/amd64 are the ones with the big impact.
>> We did think long and hard about tlb bashing page 0 every time we
>> switch into the kernel, but it still does not look attractive from
>> a performance standpoint.
>>
>>
>
> I'm confused.
>
> That came out a bit weird: are you saying you knew about the bug for 2 years
> but did not fix it?
>
>
> c.b-
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Tobias Ulmer on
2009-11-04T01:52:06+00:00
On Wed, Nov 04, 2009 at 02:57:59AM +0100, Claire beuserie wrote:
> Hi,
>
> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt <deraadt@cvs.openbsd.org> wrote:
>
> > 2) At least three of our developers were aware of this exploitation
> > method going back perhaps two years before the commit, but we
> > gnashed our teeth a lot to try to find other solutions. Clever
> > cpu architectures don't have this issue because the virtual address
> > spaces are separate, so i386/amd64 are the ones with the big impact.
> > We did think long and hard about tlb bashing page 0 every time we
> > switch into the kernel, but it still does not look attractive from
> > a performance standpoint.
> >
>
> I'm confused.
>
> That came out a bit weird: are you saying you knew about the bug for 2 years
> but did not fix it?
It's not "the bug", it's a class of vulnerabilities that allows
exploiting a NULL pointer dereference under certain circumstances.
http://packetstorm.linuxsecurity.com/poisonpen/8lgm/ptchown.c
is commonly cited as the oldest public source (1994). Use google for
more.
>
>
> c.b-
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Aaron Mason on
2009-11-04T01:56:04+00:00
On Wed, Nov 4, 2009 at 1:04 PM, Gonzalo Lionel Rodriguez
<gonzalo@sepp0.com.ar> wrote:
> 2009/11/3 Claire beuserie <claire.beuserie@gmail.com>:
>> Hi,
>>
>> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt
> <deraadt@cvs.openbsd.org>wrote:
>>
>>> 2) At least three of our developers were aware of this exploitation
>>> method going back perhaps two years before the commit, but we
>>> gnashed our teeth a lot to try to find other solutions. Clever
>>> cpu architectures don't have this issue because the virtual address
>>> spaces are separate, so i386/amd64 are the ones with the big impact.
>>> We did think long and hard about tlb bashing page 0 every time we
>>> switch into the kernel, but it still does not look attractive from
>>> a performance standpoint.
>>>
>>
>> I'm confused.
>>
>> That came out a bit weird: are you saying you knew about the bug for 2
> years
>> but did not fix it?
>>
>>
>> c.b-
>>
>>
>
> Linux way.
>
>
What a knob. It makes me sad to say I used his crap now if he has
that much contempt for those who value security before practicality.
It's good to see Theo et al stick to their guns on this issue. I'd
rather have a machine that is secure than one that can run Windows
binaries.
Wine is a good idea, but it's stifling an even better idea - making
applications compatible across multiple OSes, something that hasn't
needed to be done in the M$ world because of the stranglehold they
had/have over the consumer market.
Let's put this into perspective: Linux would absolutely jump in
popularity if Valve ported Steam and the Source engine to it, meaning
games like the Half Life series, Left 4 Dead and Team Fortress 2 could
run natively - not to mention that it would prompt other games that
sell their wares through the Steam CDS to port their games as well -
but since most of the games run just fine in Wine these days, there's
no incentive.
Linus is shooting himself in the foot and he has no idea. Linux tries
to be everything to everyone, and by doing it the way it does, it
greatly limits its potential.
OpenBSD does one thing and does it well - being secure. That's all
there is to it.
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Scott McEachern on
2009-11-04T02:43:22+00:00
Theo de Raadt wrote:
> http://article.gmane.org/gmane.linux.kernel/706950
>
>
>
I replaced Linux around '01 or '02 with OpenBSD both at companies I've
worked for since and at home. I don't really care what other people use
for their needs, and I've been neutral in my opinion about Torvalds and
Linux (mostly because I don't pay any attention to what he or anyone
else in the Linux crowd have to say.) I didn't move to, or stick with,
OpenBSD as an anti-Linux (or anti-anything) statement.
My opinion changed today when I read Linus' email from Theo's link.
Linus seriously thinks that any random bug in any app that causes a
crash is just as important as a security hole that gets your box rooted?
Now I don't just think he's an idiot, I know it. Now I understand the
background to the disparaging comments Theo has made about Linus now and
then.
http://www.erratic.ca
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Theo de Raadt on
2009-11-04T02:54:10+00:00
> Theo de Raadt wrote:
> > http://article.gmane.org/gmane.linux.kernel/706950
> >
> >
> >
> I replaced Linux around '01 or '02 with OpenBSD both at companies I've
> worked for since and at home. I don't really care what other people use
> for their needs, and I've been neutral in my opinion about Torvalds and
> Linux (mostly because I don't pay any attention to what he or anyone
> else in the Linux crowd have to say.) I didn't move to, or stick with,
> OpenBSD as an anti-Linux (or anti-anything) statement.
>
> My opinion changed today when I read Linus' email from Theo's link.
>
> Linus seriously thinks that any random bug in any app that causes a
> crash is just as important as a security hole that gets your box rooted?
>
> Now I don't just think he's an idiot, I know it. Now I understand the
> background to the disparaging comments Theo has made about Linus now and
> then.
Don't tell us; we know.
Tell linus. You can google for his email address.
Not that he'll care. He's too busy watching monkey porn instead of
building researching last-year's security technology that will stop an
exploit technique that has been exploited multiple times. He's got
redhat to try to cover for that now, they're a public company filling
his bank account, and the best way to increase his stock is to accuse
other people of having the wrong standards.
Security technology? Why does he need to bother. He's got NSA to
write that code for him! (a previous exploitable hole using this
exploit mechanism was in NSA-donated code. And God bless America.)
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Bob Beck on
2009-11-04T03:47:08+00:00
2009/11/3 Gilles Chehade <gilles@openbsd.org>:
> On Tue, Nov 03, 2009 at 04:58:25PM -0700, Theo de Raadt wrote:
>> [bcc'd to Dan Goodin @ theregister]
>>
>> If anyone wants a choice quote from me about the recent Linux holes,
>> this is what I have to say:
>>
>> Linus is too busy thinking about masturbating monkeys; he doesn't
>> have time to care about Linux security.
>>
>
> I was considering offering him this:
>
> http://www.wellcoolstuff.com/Merchant2/graphics/00000001/20-Apr-07-05.jpg
>
> But couldn't get my hands on one yet ;-)
God damn Gilles.. And you didn't find one to bring to us at a hackathon!
Linus doesn't *deserve* one of those - I thought because I work on
OpenBSD only I do!
I will be deeply offended if Linus gets one of those before OpenBSD
developers do.. Well, the hell with the rest of you.. *I* at least
want one first.. Proudly! Linus doesn't deserve one 'till he has a
commit in our tree. ;)
-Bob
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by ropers on
2009-11-04T07:29:39+00:00
From http://www.theregister.co.uk/2009/11/03/linux-kernel-vulnerability/ :
> or desktop environments such as Wine
For some definitions of "desktop environments".
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Artur Grabowski on
2009-11-04T07:42:07+00:00
Claire beuserie <claire.beuserie@gmail.com> writes:
> That came out a bit weird: are you saying you knew about the bug for 2 years
> but did not fix it?
Yes. Because the solution sucks. And all others we tried were just not
workable.
Just like we knew that executable stacks can be used for exploits and
didn't fix that for many years.
//art
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Otto Moerbeek on
2009-11-04T09:28:15+00:00
On Wed, Nov 04, 2009 at 02:57:59AM +0100, Claire beuserie wrote:
> Hi,
>
> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt <deraadt@cvs.openbsd.org> wrote:
>
> > 2) At least three of our developers were aware of this exploitation
> > method going back perhaps two years before the commit, but we
> > gnashed our teeth a lot to try to find other solutions. Clever
> > cpu architectures don't have this issue because the virtual address
> > spaces are separate, so i386/amd64 are the ones with the big impact.
> > We did think long and hard about tlb bashing page 0 every time we
> > switch into the kernel, but it still does not look attractive from
> > a performance standpoint.
> >
>
> I'm confused.
>
> That came out a bit weird: are you saying you knew about the bug for 2 years
> but did not fix it?
Allowing a mapping at address zero is not a bug per se, but it opens a
door for other bugs to be exploited more effectively. This door has
been closed, but only after hard thinking went into how to close it.
-Otto
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Egon E. Braun Filho on
2009-11-04T18:52:55+00:00
On Wed, 4 Nov 2009 13:46:26 +1100
Aaron Mason <simplersolution@gmail.com> wrote:
> Wine is a good idea, but it's stifling an even better idea - making
> applications compatible across multiple OSes, something that hasn't
> needed to be done in the M$ world because of the stranglehold they
> had/have over the consumer market.
>
Microsoft will not follow free standards, Linux will follow
Microsoft/IBM/Intel/W3C/bullshit-human-slaving-private standards.
And I believe that is not portability in no way. That is just
assassinating legacy and freedom.
> Let's put this into perspective: Linux would absolutely jump in
> popularity if Valve ported Steam and the Source engine to it, meaning
> games like the Half Life series, Left 4 Dead and Team Fortress 2 could
> run natively - not to mention that it would prompt other games that
> sell their wares through the Steam CDS to port their games as well -
> but since most of the games run just fine in Wine these days, there's
> no incentive.
This will happen. We just have to wait for Linus/Redhat/Suse/etc to sign
more NDAs.
Look after your kids.
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Tomáš Bodžár on
2009-11-04T19:38:00+00:00
Ok to add more idiotic ideas to debate about Linux/MS and
interoperability and so on why not add this one?
http://www.computerworlduk.com/community/blogs/index.cfm?entryid=2620&blogid=14
EU Wants to Re-define "Closed" as "Nearly Open"
'.........While there is a correlation between openness and
interoperability, it is also true that interoperability can be
obtained without openness, for example via homogeneity of the ICT
systems, which implies that all partners use, or agree to use, the
same solution to implement a European Public Service..........'
On Wed, Nov 4, 2009 at 5:39 PM, Egon E. Braun Filho <egonbraun@gmail.com>
wrote:
> On Wed, 4 Nov 2009 13:46:26 +1100
> Aaron Mason <simplersolution@gmail.com> wrote:
>
>> Wine is a good idea, but it's stifling an even better idea - making
>> applications compatible across multiple OSes, something that hasn't
>> needed to be done in the M$ world because of the stranglehold they
>> had/have over the consumer market.
>>
>
> Microsoft will not follow free standards, Linux will follow
> Microsoft/IBM/Intel/W3C/bullshit-human-slaving-private standards.
>
> And I believe that is not portability in no way. That is just
> assassinating legacy and freedom.
>
>> Let's put this into perspective: Linux would absolutely jump in
>> popularity if Valve ported Steam and the Source engine to it, meaning
>> games like the Half Life series, Left 4 Dead and Team Fortress 2 could
>> run natively - not to mention that it would prompt other games that
>> sell their wares through the Steam CDS to port their games as well -
>> but since most of the games run just fine in Wine these days, there's
>> no incentive.
>
> This will happen. We just have to wait for Linus/Redhat/Suse/etc to sign
> more NDAs.
>
> Look after your kids.
>
>
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Dave Wilson on
2009-11-06T09:53:25+00:00
Aaron Mason wrote:
> OpenBSD does one thing and does it well - being secure. That's all
> there is to it.
>
On the contrary, OpenBSD does a number of things well :-)
Admittedly, you could argue that code readability, comprehensive
documentation, provability are all parts of the main goal of security,
but to present it as a one trick pony is somewhat unfair.
I suspect this is not what you were trying to say, but I thought it was
worth commenting on.
Dave W
Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ by Mark Beihoffer on
2009-11-06T10:37:27+00:00
Greetings & Salutations!
We just had a successful test flight of a hypercube network consisting of
OpenBSD boxes.
It went very well. That's all I can say about it now. Thanks to all who
participated!
- Mark Beihoffer
Chief Technology Officer
Dragonfly Networks
(a subsidiary of)
Diamond Fiction, LLC
On Fri, Nov 6, 2009 at 3:29 AM, Dave Wilson <richard.wilson@senokian.com> wrote:
> Aaron Mason wrote:
>
> > OpenBSD does one thing and does it well - being secure. That's all
> > there is to it.
> >
>
> On the contrary, OpenBSD does a number of things well :-)
>
> Admittedly, you could argue that code readability, comprehensive
> documentation, provability are all parts of the main goal of security,
> but to present it as a one trick pony is somewhat unfair.
>
> I suspect this is not what you were trying to say, but I thought it was
> worth commenting on.
>
> Dave W