Fixing Things

Well, even Linux has bugs. Recent reports that TCP connections can be hijacked have kicked an anthill at Kernel.org. Linus and others have a patch. I’m testing it despite my little operation likely being below the radar, just in case.

See Linux-Kernel Archive: [PATCH 4.4 01/49] tcp: make challenge acks less predictable

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

6 Responses to Fixing Things

  1. oiaohm says:

    dougman, the reality is that signing every binary does not work.
    https://lwn.net/Articles/682935/
    What the ChromeOS loadpin LSM for the Linux kernel demonstrates is that you don’t need to sign kernel modules as long as you have some system to verify them.

    The reason why Windows signed binaries don’t check every DLL they load is nothing more than overhead. When checking whether something is signed correctly, you have to check a revoked list and a stack of other things. The key point here is the revoked list, so you could spend a lot of CPU time per file if you attempt it.

    The mistake with per-file signing: say you have a perfectly functional driver and for some reason the key it was signed with is invalidated. Now you have to get a new driver signed with a new key, which could have a new flaw that was never there before, and you cannot use the old driver because it is revoked. The recent UEFI flaw was caused by the fact that UEFI binaries can access and load non-verified parts; again, this is because it is not practical to sign every single individual part as an individual part.

    Now look at what Chrome OS does with loadpin and dm-verity: the drivers are not signed, but the driver storage and drivers package are.

    Yes, Linux package management (rpm, deb…), docker, snappy and flatpak have gone the way of signing the bundle, not the individual parts, as well. Even OS X applications are designed more around the idea of signing the bundle than the individual binary.

    A lot of Windows sounds good on paper but totally does not work that well in the real world. Another good example of this: hey, let’s have individual computers produce the data we send to printers. Hello, having to send drivers to every single computer; hello, current-day security flaw where someone replaces the driver on the network and breaks into the machine. The Unix/Posix/OS X world went: let’s use a universal format for printers called PostScript, and then later updated to a more modern version of PostScript called PDF.

    Fun part: what happens with Microsoft’s printer design in the case where a printer has a security flaw? To protect a printer like that you would have to process every single printer request on the computer it is connected to anyhow. Of course, Microsoft designed their printer stack before printers were network-connected in a big way. A large percentage of the Windows printer stack only sounds good on paper and is a total failure in real-world conditions where items are imperfect.

    So some things Linux got from the Unix world were fairly well designed.

    When you start looking at Windows from a pure security point of view, it’s a mess with faults all over the place. Linux is not perfect when you look at it from a security point of view, but it is way less of a mess than Windows. OS X is fairly tidy with little bits of grime here or there. Android is anywhere between complete disaster zone and tidy, based on vendor.
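
The "sign the storage, not each driver" idea from the comment above, as an added example that is not part of the original comment or of any project's code: a simplified hash tree in the style of dm-verity, where only one root hash has to be trusted and every block read is checked against it. The block size, the binary tree layout and all names are assumptions of this sketch, not dm-verity's on-disk format.

```python
import hashlib
import hmac

BLOCK = 4096  # block size assumed for this sketch

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def blocks_of(image: bytes):
    return [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]

def build_tree(image: bytes):
    """Hash every block, then hash pairs upward until one root remains."""
    level = [_h(b"\x00" + b) for b in blocks_of(image)]  # leaf hashes
    levels = [level]
    while len(level) > 1:
        level = [_h(b"\x01" + b"".join(level[i:i + 2]))
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels  # levels[-1][0] is the root hash

def proof(levels, index):
    """Sibling hashes needed to recompute the root from block `index`."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append(level[sib] if sib < len(level) else b"")
        index //= 2
    return path

def verify_block(block, index, path, trusted_root):
    """True only if `block` at position `index` is covered by trusted_root."""
    node = _h(b"\x00" + block)
    for sib in path:
        node = _h(b"\x01" + (sib + node if index & 1 else node + sib))
        index //= 2
    return hmac.compare_digest(node, trusted_root)

# Constructed sample: a 5-block "driver partition"; no block is signed.
IMAGE = b"".join(bytes([n]) * BLOCK for n in range(5))
LEVELS = build_tree(IMAGE)    # stored hash tree; it need not be trusted itself
TRUSTED_ROOT = LEVELS[-1][0]  # the single value that gets signed or pinned

def read_verified(image: bytes, index: int) -> bytes:
    """Return block `index` of `image`; refuse it if it fails verification."""
    block = blocks_of(image)[index]
    if not verify_block(block, index, proof(LEVELS, index), TRUSTED_ROOT):
        raise ValueError(f"block {index} does not match the trusted root")
    return block
```

Revoking or re-signing here touches one root hash rather than every file, and a modified block is rejected on read without any per-file signature check.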

  2. dougman says:

    “Windows was the lack of signing in several DLL files, and the fact signed exe’s and dll’s can load/execute unsigned ones, and the OS doesn’t bat an eye. Go ahead, replace away!”

    LOL..people will say that is NOT possible!

    “signed exe’s and dll’s can load/execute unsigned ones”

    M1croSh1t will just say that it’s not an exploit, it’s engineered that way from the beginning and malicious hackers are using it wrongly…….HAHAHAH.

  3. oiaohm says:

    kurkosdr, ever since the introduction of UAC there have been ways for the malicious to get around it. Mostly by playing all the cards you historically used to exploit suid-bit executables under Unix, which were fixed in Linux between 1994 and 1996; quite a few of those still work against UAC.
    https://www.powershellempire.com/?page_id=380
    Some are just spectacularly bad methods for getting around UAC.
    WScript UAC Bypass comes to mind; as you can see, it has been ported forward to PowerShell, and yes, it works with Windows 7-10. Yes, a new way to get past UAC that was added with Windows 7 was found within 3 months of Windows 7’s existence, and Microsoft has not fixed it yet.

    Yes, UAC looks like sudo or su from the Unix/Linux world; the reality is it does not work anywhere near as well as a modern setup of sudo or su, let alone something more controlled like policykit.

    The article dougman is pointing to is referring to the DLL replacement method to bypass UAC; this was found in the Windows Vista beta testing stage and still works in Windows 10 because Microsoft has not fixed that one either.

    which means Desktop Linux is, for now, more secure than Windows.
    kurkosdr, Desktop Linux can claim a working system for splitting application privilege. It’s a toss-up whether Desktop Linux is more secure than Windows while Linux uses the known-broken X11 as default. When Linux systems are able to migrate to Wayland solutions, Microsoft had better have lifted their game. The clock is ticking, Microsoft, on the stack of unfixed security flaws.

    Yes, you hear Microsoft fanboys trot out UAC as “see here, Microsoft has something like su/sudo”, yet the reality is UAC has had bypasses that have not been fixed, so it only looks like early versions of su/sudo/suid, with the same faults that were fixed in later versions of BSD/Unix/Linux operating systems. The year that BSD/Unix/Linux operating systems had fixed up su/sudo/suid issues was 1996, so Microsoft has been well behind the game.

    Basically, like su/sudo/suid of old, UAC is nothing more than window dressing to make you feel good, whereas current-day su/sudo/suid on Linux, Unix and OS X functions properly.

    When did the Linux world start attempting to get rid of X11 and framebuffer based? 1996, that is interesting, right? Blocked by lack of cooperation by video card vendors.

    Wayland is pretty much getting done what should have, and would have, happened over 20 years ago if particular companies and groups had not got in the way.

    Yes, people always think of FreeBSD and OpenBSD as highly secure; the problem was that a section of that world pushed to keep X11 alive for cross-platform application support, as this was kinda more important than security, since very few people used either as a desktop at the time as well. So the flawed security on the Linux desktop has some totally despicable mailing list chatter about it.

  4. kurkosdr says:

    @dougman

    One of the things I always hated about Windows was the lack of signing in several DLL files, and the fact signed exe’s and dll’s can load/execute unsigned ones, and the OS doesn’t bat an eye. Go ahead, replace away!

    Don’t run exe’s from unknown sources.

    ———

    Also, since I am not on the payroll of any company, we finally have a pentesting scenario that makes Windows vulnerable but not Desktop Linux (users getting privileged access to parts of the system without the formality of acquiring a privileged account using this UAC hack), which means Desktop Linux is, for now, more secure than Windows.

  5. Well, 4.4.17-rc1 is running smoothly on Beast III. I have no idea how to hack connections so I’m trusting in Linus.

  6. dougman says:

    “Eh, You have to able to spoof the IP address, so no worries unless you’re one the same network or have the control of a host there. Or rather you’re the network admin. Faulty, yes but hell, no worries.”

    Meanwhile Win-Dohs 10 suffers UAC malware, besides it itself being labeled malware.

    “Graeber and Nelson said they reported the issue to Microsoft, but the company responded by saying it is not a security problem. Apparently, UAC, to Microsoft, is not security measure hence why the company does not view the problem as a security measure.

    Microsoft is either bluffing or the researchers are wrong. However, what is certain right now is that the company has no choice but to release a fix for UAC because it is now out in the open for the entire public to see.”

    http://www.laptopmag.com/articles/windows-10-flaw-leaves-door-open-malware
