[Ksummit-discuss] [CORE TOPIC] Kernel tinification: shrinking the kernel and avoiding size regressions

Josh Triplett josh at joshtriplett.org
Fri May 9 22:50:40 UTC 2014


On Fri, May 09, 2014 at 01:37:22PM -0700, Andy Lutomirski wrote:
> The best arguments I've heard so far for why the kernel needs to try
> to protect itself against root are:
> 
> 1. MS/Verisign demand it.
> 
> 2. It's annoying to fool a user into thinking that they just booted
> Some Other OS when they're really running Linux without kernel help.
> NB: no one has claimed that it's impossible AFAIK, just that it's
> annoyingly complicated.
> 
> I like neither of these arguments.  #1 is politics, not security, and
> #2 seems like security by annoying the attacker.

#1 is useful if you care about supporting users booting Linux on modern
systems without changing BIOS configuration.

As for #2, I agree that it's just "annoying the attacker", and I don't
want to quibble over the value of that in this particular case, but keep
in mind that a *lot* of security is "annoying the attacker"; you can
rather precisely quantify how secure a system is by how much it costs to
purchase exploited systems or similar.  (See "An Agenda for Empirical
Cyber Crime Research", USENIX ATC 2011.)  And in very much the same
spirit as "I don't have to run faster than the bear", a lot of security
(against broad-scale exploits rather than targeted threats) is about
making it more painful to exploit a system than to do a
social-engineering attack or a physical security breach.

- Josh Triplett

