The Washington Post published an article today which describes the ongoing tension between the security community and Linux kernel developers. This has been roundly denounced as FUD, with Rob Graham going so far as to claim that nobody ever attacks the kernel.
Unfortunately he's entirely and demonstrably wrong, it's not FUD and the state of security in the kernel is currently far short of where it should be.
[Here is] an example. Recent versions of Android use SELinux to confine applications. Even if you have full control over an application running on Android, the SELinux rules make it very difficult to do anything especially user-hostile. Hacking Team, the GPL-violating Italian company who sells surveillance software to human rights abusers, found that this impeded their ability to drop their spyware onto targets' devices. So they took advantage of the fact that many Android devices shipped a kernel with a flawed copy_from_user() implementation that allowed them to copy arbitrary userspace data over arbitrary kernel code, thus allowing them to disable SELinux.
(Score: 5, Interesting) by frojack on Wednesday November 11 2015, @10:42PM
Should be pointed out that SELinux (Probably the last GOOD thing the NSA actually did for Linux) represented a significant barrier to these guys, and their first order of business was to get rid of it.
That a bug existed in the kernel APIs is not a surprise. I'm sure there are hundreds. That's not the issue. (Yes the bug should and probably already has been fixed).
The issue is that there was no backup facility to protect the switch for turning off SeLinux so that a bug in an API couldn't clobber it. In short there is no such thing as SELinux in kernel space.
Linus Torvalds has argued that adding yet another layer of protection isn't going to help much, and will just make things that much harder and slower in routine daily kernel operations, and it would be as likely to include more bugs as it would be to fix any.
That it took a bug in a Kernel API to compromise the Kernel suggests to me that fixing the bugs and checking the other APIs for similar bugs, is probably more important than developing an entirely new security architecture.
Would the attack have been possible without this bug?
No, you are mistaken. I've always had this sig.
(Score: 3, Interesting) by Gaaark on Thursday November 12 2015, @01:07AM
Can you (or anyone else) tell me how hard life would get using an SELinux kernel?
To print, do you need a password?
To play a movie, do you need a password?
To install a program, would you need to input multiple password requests?
*How does SELinux make your life harder?
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 1, Interesting) by Anonymous Coward on Thursday November 12 2015, @01:12AM
SELinux's usability, illustrated once again [utoronto.ca]
(Score: 4, Informative) by frojack on Thursday November 12 2015, @08:12AM
Set up right, it doesn't make life harder at all.
It just allows you to do the things you are allowed to do, and stops you from doing the things you aren't supposed to do.
Its a much finer grained permissions system. I suggest some basic reading: http://www.cyberciti.biz/faq/what-is-selinux/ [cyberciti.biz]
https://en.wikipedia.org/wiki/Security-Enhanced_Linux [wikipedia.org]
No, you are mistaken. I've always had this sig.
(Score: 2) by Gaaark on Thursday November 12 2015, @10:43AM
Thanks.... now to do some reading.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---