* [9fans] security of inferno os [ptr]
@ 2002-02-05 9:53 ozan s yigit
2002-02-05 12:27 ` Alexander Viro
0 siblings, 1 reply; 7+ messages in thread
From: ozan s yigit @ 2002-02-05 9:53 UTC (permalink / raw)
To: 9fans
fyi: this is published in the last issue of 2600.
http://www.phrack.org/show.php?p=58&a=12
oz
--
www.cs.yorku.ca/~oz | don't count your chickens in glass houses
york u. computer science | until the cows come home. -- david vestal
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9fans] security of inferno os [ptr]
2002-02-05 9:53 [9fans] security of inferno os [ptr] ozan s yigit
@ 2002-02-05 12:27 ` Alexander Viro
2002-02-05 15:08 ` ozan s yigit
0 siblings, 1 reply; 7+ messages in thread
From: Alexander Viro @ 2002-02-05 12:27 UTC (permalink / raw)
To: 9fans
On Tue, 5 Feb 2002, ozan s yigit wrote:
>
> fyi: this is published in the last issue of 2600.
> http://www.phrack.org/show.php?p=58&a=12
Ah, yes - "if you run it hosted under Windows and host is compromised,
it's very insecure" and it goes downwards from there.
Right there with "suppose attacker got enough priveleges to run arbitrary
code in kernel mode. You know, the system can be fscked real hard
after that! We couldn't figure out how to achieve <trivial modification
of kernel behaviour>, but here's how to <several equally trivial ones>"
(two articles in the same issue).
Overall: "Looking for real vulnerabilities is tough - let's go shopping!"
Piss-poor...
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9fans] security of inferno os [ptr]
2002-02-05 12:27 ` Alexander Viro
@ 2002-02-05 15:08 ` ozan s yigit
2002-02-05 16:01 ` Matt H
0 siblings, 1 reply; 7+ messages in thread
From: ozan s yigit @ 2002-02-05 15:08 UTC (permalink / raw)
To: 9fans
viro@math.psu.edu (Alexander Viro) writes:
> Ah, yes - "if you run it hosted under Windows and host is compromised,
> it's very insecure" and it goes downwards from there.
right. i did not offer editorial commentary, just the pointer. so far
as i can tell, it is the only article of its kind on those circles on
inferno and it even mentions plan9.
oz
--
www.cs.yorku.ca/~oz | don't count your chickens in glass houses
york u. computer science | until the cows come home. -- david vestal
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9fans] security of inferno os [ptr]
2002-02-05 15:08 ` ozan s yigit
@ 2002-02-05 16:01 ` Matt H
2002-02-05 16:14 ` Boyd Roberts
2002-02-05 16:26 ` Boyd Roberts
0 siblings, 2 replies; 7+ messages in thread
From: Matt H @ 2002-02-05 16:01 UTC (permalink / raw)
To: 9fans
> it is the only article of its kind on those circles on
> inferno and it even mentions plan9.
security through obscurity indeed
I get a false sense of security from using FreeBSD rather than Linux
Until "The Big Day" Glenda arrives at our colocator
Actually that does throw up a question for me (& not one that *needs*
answering any time soon)
If my machine is 150 miles away how will I press enter to tell it to boot
from local & how is it possible to prevent the col-locators using it from
the terminal. (not that I expect them to but ...)
M
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9fans] security of inferno os [ptr]
2002-02-05 16:01 ` Matt H
@ 2002-02-05 16:14 ` Boyd Roberts
2002-02-05 16:26 ` Boyd Roberts
1 sibling, 0 replies; 7+ messages in thread
From: Boyd Roberts @ 2002-02-05 16:14 UTC (permalink / raw)
To: 9fans
Matt H wrote:
> I get a false sense of security from using FreeBSD rather than Linux
Hmm ...
brucee@plan9.bell-labs.com wrote:
>
> *** {02.04.030} Linux - UML kernel memory access
>
> User-Mode-Linux version 2.4.17-8 has been found to allow normal users
> within a UML Linux environment to change around system syscalls and
> access kernel memory, thereby allows them to gain root access both
> inside and outside the UML environment.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9fans] security of inferno os [ptr]
2002-02-05 16:01 ` Matt H
2002-02-05 16:14 ` Boyd Roberts
@ 2002-02-05 16:26 ` Boyd Roberts
1 sibling, 0 replies; 7+ messages in thread
From: Boyd Roberts @ 2002-02-05 16:26 UTC (permalink / raw)
To: 9fans
Matt H wrote:
> If my machine is 150 miles away how will I press enter to tell it to boot
> from local & how is it possible to prevent the col-locators using it from
> the terminal. (not that I expect them to but ...)
Have you checked out reboot(8)?
http://plan9.bell-labs.com/magic/man2html/8/reboot
It might not be _exactly_ what you want, but it might be a clue.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9fans] security of inferno os [ptr]
@ 2002-02-05 16:17 anothy
0 siblings, 0 replies; 7+ messages in thread
From: anothy @ 2002-02-05 16:17 UTC (permalink / raw)
To: 9fans
// If my machine is 150 miles away how will I press enter to
// tell it to boot from local...
the cpu server kernel will time out if given a default in plan9.ini.
i think it's the 'bootargs=' line, but i could be wrong.
// ...how is it possible to prevent the col-locators using it from
// the terminal.
hmm... i guess you could just not run rio and exec something
out of cpurc that tied up the console (i've done that for other
reasons with a simple tail -f of various logs), but it'd be nicer
to retain the ability to use the console yourself (even remotely,
like via the Avanstar). the patches to get a terminal and cpu
server on the same box might be relavant, too. they're out of
date, but can be found here:
http://www.fywss.com/plan9/info/misc/cpu_terminal
more generally speaking, though, i'd say if you don't trust your
colo enough to not dink around on your console, all bets are off...
ア
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2002-02-05 16:26 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-02-05 9:53 [9fans] security of inferno os [ptr] ozan s yigit
2002-02-05 12:27 ` Alexander Viro
2002-02-05 15:08 ` ozan s yigit
2002-02-05 16:01 ` Matt H
2002-02-05 16:14 ` Boyd Roberts
2002-02-05 16:26 ` Boyd Roberts
2002-02-05 16:17 anothy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).