[cgl_discussion] [[Fwd: Follow up on kernel debugger authentication]]

Andy Pfiffer andyp at osdl.org
Mon Sep 30 11:13:54 PDT 2002


[ after some local discussion, I'm tossing this to a wider audience. ]

Larry sent me a proposed patch for CGL's kdb that includes support for
password authentication.

There are two items I think worthy of a broader discussion in this
forum.

    1. Is there a better way to make a reliable timeout mechanism?  The
    current patch uses a hard-coded constant in a spin-loop that could
    require some attention on both faster and slower systems.  Keep in
    mind that a) you can't use clock interrupts, and b) if you use
    mdelay(), you need to detect if calibrate_delay() has been called
    (it might not).  My only alternative solution is something like this
    (pseudo-code):
        
            int timeout_in_ms = 60000;
            .
            .
            .
            while (timeout_in_ms-- > 0) {
                    k = keyboard_poll_function();
                    if (k == -1) {
                            mdelay(1);
                            continue;
                    }
                    /* append key to input buffer */
                    .
                    .
                    .
            }
            if (timeout_in_ms < 0) {  /* post-decrement leaves -1 once the loop runs out */
                    /* you took too long to enter the password */
                    return you_lose;
            }
    
    ...but that won't detect if mdelay() is actually working yet, and
    imposes a minimum 1ms delay after polling (and finding nothing).
        
    
    2. Does this really address the security concerns?  I could not find
    mention of a KDB password or KDB security in the CGL Requirements
    1.0 document, nor in the CGL Architecture 1.0 document.  I asked
    around inside OSDL for comments, and I received these two
    (summarized):
    
    shemminger at osdl.org:
    A bigger problem/question is the management of the kdb password.
    How is the password created, stored, managed?  If this is an important
    part of the overall system security, it needs to be stronger than
    all the other existing pieces.
    
    mochel at osdl.org:
    Why? What is that going to protect against?  Assuming you access kdb
    via a serial line, and you've configured a serial 
    console into your kernel, you have complete control over the kernel
    without needing kdb. 

Comments, anyone?

Regards,
Andy

    
    
-------------- next part --------------
An embedded message was scrubbed...
From: Larry Butler <larry_butler at hp.com>
Subject: Re: [Fwd: FW: Follow up on kernel debugger authentication]
Date: Mon, 30 Sep 2002 10:23:39 -0600
Size: 13622
Url: http://lists.linux-foundation.org/pipermail/cgl_discussion/attachments/20020930/e73af283/attachment-0001.eml
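
Added example, not part of the original message or of the patch: a userspace C model of the polled timeout loop from item 1. It returns an explicit result instead of inferring a timeout from the counter, bounds the input length, and refuses to run when the delay routine is not known to be calibrated. `read_password`, the `poll`/`delay` hooks, the `delay_ready` flag and the `fake_kbd` replay are hypothetical names; how the kernel would learn that calibrate_delay() has run is left as an assumption.

```c
#include <stddef.h>
#include <stdio.h>
enum pw_result { PW_OK, PW_TIMEOUT, PW_TOO_LONG, PW_NO_DELAY };
/* Hypothetical hooks: poll returns a key or -1; delay stands in for mdelay(). */
typedef int (*poll_fn)(void *ctx);
typedef void (*delay_fn)(void *ctx, unsigned ms);
/* Read one line; timeout_ms is the total idle time allowed. */
enum pw_result read_password(poll_fn poll, delay_fn delay, void *ctx,
                             int delay_ready, unsigned timeout_ms,
                             char *buf, size_t cap, size_t *len)
{
    *len = 0;
    if (!delay_ready)            /* assumed flag: delay loop calibrated? */
        return PW_NO_DELAY;      /* refuse rather than trust the timeout */
    while (timeout_ms > 0) {
        int k = poll(ctx);
        if (k == -1) {           /* only idle polls spend the budget */
            delay(ctx, 1);
            timeout_ms--;
            continue;
        }
        if (k == '\r' || k == '\n')
            return PW_OK;        /* explicit result, not read off the counter */
        if (*len == cap)
            return PW_TOO_LONG;  /* bounds a held-down or stuck key */
        buf[(*len)++] = (char)k;
    }
    return PW_TIMEOUT;
}

/* Constructed test double: replays a script, '.' means "no key yet". */
struct fake_kbd { const char *script; size_t pos; unsigned slept_ms; };
int fake_poll(void *ctx)
{
    struct fake_kbd *k = ctx;
    char c = k->script[k->pos];
    if (c == '\0') return -1;    /* script exhausted: keyboard stays idle */
    k->pos++;
    return c == '.' ? -1 : c;
}
void fake_delay(void *ctx, unsigned ms) { ((struct fake_kbd *)ctx)->slept_ms += ms; }

int main(void)
{
    struct fake_kbd k = { "..se.cret\n", 0, 0 };   /* constructed input */
    char buf[16]; size_t n;
    enum pw_result r = read_password(fake_poll, fake_delay, &k, 1, 5, buf, sizeof buf, &n);
    printf("result=%d len=%zu idle_ms=%u\n", (int)r, n, k.slept_ms);
}
```

Because keystrokes do not spend the budget, the worst-case running time is `timeout_ms` idle polls plus `cap` accepted keys, so the loop still terminates under continuous input.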

