From: Josh Triplett <josh@joshtriplett.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Josh Boyer <jwboyer@fedoraproject.org>,
Sarah Sharp <sarah@minilop.net>,
"ksummit-discuss@lists.linuxfoundation.org"
<ksummit-discuss@lists.linuxfoundation.org>,
Greg KH <gregkh@linuxfoundation.org>,
Julia Lawall <julia.lawall@lip6.fr>,
Darren Hart <darren@dvhart.com>,
Dan Carpenter <dan.carpenter@oracle.com>
Subject: Re: [Ksummit-discuss] [CORE TOPIC] Kernel tinification: shrinking the kernel and avoiding size regressions
Date: Fri, 9 May 2014 15:50:40 -0700 [thread overview]
Message-ID: <20140509225040.GD5725@thin> (raw)
In-Reply-To: <CALCETrVr=Tv+LyTRPg-ntTJPKtO3aQWEoDEVSwCm5RpOStkWPA@mail.gmail.com>
On Fri, May 09, 2014 at 01:37:22PM -0700, Andy Lutomirski wrote:
> The best arguments I've heard so far for why the kernel needs to try
> to protect itself against root are:
>
> 1. MS/Verisign demand it.
>
> 2. It's annoying to fool a user into thinking that they just booted
> Some Other OS when they're really running Linux without kernel help.
> NB: no one has claimed that it's impossible AFAIK, just that it's
> annoyingly complicated.
>
> I like neither of these arguments. #1 is politics, not security, and
> #2 seems like security by annoying the attacker.
#1 is useful if you care about supporting users booting Linux on modern
systems without changing BIOS configuration.
As for #2, I agree that it's just "annoying the attacker", and I don't
want to quibble over the value of that in this particular case, but keep
in mind that a *lot* of security is "annoying the attacker"; you can
rather precisely quantify how secure a system is by how much it costs to
purchase exploited systems or similar. (See "An Agenda for Empirical
Cyber Crime Research", USENIX ATC 2011.) And in very much the same
spirit as "I don't have to run faster than the bear", a lot of security
(against broad-scale exploits rather than targeted threats) is about
making it more painful to exploit a system than to do a
social-engineering attack or a physical security breach.
- Josh Triplett
next prev parent reply other threads:[~2014-05-09 22:50 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-02 16:44 Josh Triplett
2014-05-02 17:11 ` Dave Jones
2014-05-02 17:20 ` James Bottomley
2014-05-02 17:33 ` Dave Jones
2014-05-02 17:46 ` Josh Boyer
2014-05-02 18:50 ` H. Peter Anvin
2014-05-02 19:02 ` Josh Boyer
2014-05-02 19:03 ` Michael Kerrisk (man-pages)
2014-05-02 19:33 ` Theodore Ts'o
2014-05-02 19:38 ` Jiri Kosina
2014-05-02 19:49 ` Dave Jones
2014-05-02 20:06 ` Steven Rostedt
2014-05-02 20:41 ` Theodore Ts'o
2014-05-02 21:01 ` Dave Jones
2014-05-02 21:19 ` Josh Boyer
2014-05-02 21:23 ` Jiri Kosina
2014-05-02 21:36 ` Josh Boyer
2014-05-02 21:27 ` James Bottomley
2014-05-02 21:39 ` Josh Boyer
2014-05-02 22:35 ` Andy Lutomirski
2014-05-06 17:18 ` josh
2014-05-06 17:31 ` Andy Lutomirski
2014-05-09 18:22 ` H. Peter Anvin
2014-05-09 20:37 ` Andy Lutomirski
2014-05-09 22:50 ` Josh Triplett [this message]
2014-05-10 0:23 ` James Bottomley
2014-05-10 0:38 ` Andy Lutomirski
2014-05-10 3:44 ` Josh Triplett
2014-05-03 17:30 ` James Bottomley
2014-05-02 21:56 ` tytso
2014-05-02 20:45 ` Ben Hutchings
2014-05-02 21:03 ` Dave Jones
2014-05-03 13:37 ` Michael Kerrisk (man-pages)
2014-05-03 13:35 ` Michael Kerrisk (man-pages)
2014-05-03 13:32 ` Michael Kerrisk (man-pages)
2014-05-02 19:03 ` Mark Brown
2014-05-02 19:45 ` Luck, Tony
2014-05-02 21:03 ` Mark Brown
2014-05-02 21:08 ` Dave Jones
2014-05-02 21:14 ` Andy Lutomirski
2014-05-02 21:21 ` Luck, Tony
2014-05-02 21:38 ` H. Peter Anvin
2014-05-03 1:21 ` Mark Brown
2014-05-07 12:35 ` David Woodhouse
2014-05-09 15:51 ` Mark Brown
2014-05-02 17:33 ` Guenter Roeck
2014-05-02 17:44 ` Steven Rostedt
2014-05-07 11:32 ` David Woodhouse
2014-05-07 16:38 ` James Bottomley
2014-05-02 22:04 ` Jan Kara
2014-05-05 23:45 ` Bird, Tim
2014-05-06 2:14 ` H. Peter Anvin
2014-05-09 16:22 ` Josh Triplett
2014-05-09 16:59 ` Bird, Tim
2014-05-09 17:23 ` josh
2014-05-08 15:52 ` Christoph Lameter
2014-05-12 17:35 ` Wolfram Sang
2014-05-13 16:36 ` Bird, Tim
2014-05-13 18:00 ` josh
2014-05-14 1:04 ` Julia Lawall
2014-08-17 9:45 ` [Ksummit-discuss] tiny.wiki.kernel.org Josh Triplett
2014-05-08 16:24 [Ksummit-discuss] [CORE TOPIC] Kernel tinification: shrinking the kernel and avoiding size regressions Christoph Lameter
2014-05-09 0:31 ` James Bottomley
2014-05-09 14:48 ` Christoph Lameter
2014-05-09 16:24 ` Steven Rostedt
2014-05-09 16:55 ` Christoph Lameter
2014-05-09 17:21 ` josh
2014-05-09 17:42 ` James Bottomley
2014-05-09 17:52 ` Christoph Lameter
2014-05-09 18:32 ` Steven Rostedt
2014-05-09 19:02 ` Julia Lawall
2014-05-09 20:31 ` Steven Rostedt
2014-05-09 17:52 ` Matthew Wilcox
2014-05-12 18:06 ` Dave Hansen
2014-05-12 20:20 ` Roland Dreier
2014-05-14 2:37 ` Li Zefan
2014-05-15 19:41 ` H. Peter Anvin
2014-05-15 20:00 ` Greg KH
2014-05-15 20:29 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140509225040.GD5725@thin \
--to=josh@joshtriplett.org \
--cc=dan.carpenter@oracle.com \
--cc=darren@dvhart.com \
--cc=gregkh@linuxfoundation.org \
--cc=julia.lawall@lip6.fr \
--cc=jwboyer@fedoraproject.org \
--cc=ksummit-discuss@lists.linuxfoundation.org \
--cc=luto@amacapital.net \
--cc=sarah@minilop.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox