Re: Re: EMC Kit
Posted by Fred Proctor on 1999-11-15 07:47:30 UTC
Ray Henry wrote:
> In a recent post, Jan raised the issue of security concerning the EMC...
> software on a shop floor machine. IMO this issue is common to all pc
> based systems but since parts of the EMC must run as root, and now all of
> it runs as root in a standard setup, the system is extra vulnerable.
> What can we do?

If you need to protect the system against inadvertent changing or
removal of files, it's fairly easy. Protecting against determined
hackers is more of a problem. Easy way:

1. Set up a normal Linux user account, say "ray", with a home directory,
say /home/ray.

2. Ray won't be able to run the EMC for three reasons:

  a. it requires running the /sbin/insmod, /sbin/rmmod, and /sbin/lsmod
  programs to install/remove/list the EMC motion controller;

  b. it requires accessing /dev/mem to use the shared memory interface;
  and

  c. it requires running privileged inb/outb instructions for the
  parallel port IO.

3. You can get around the first problem by changing the permissions on
/sbin/insmod and /sbin/rmmod so that they are "setuid root". This means
that they run as if root is running them. Set this up, as root, by
doing:

    chmod u+s /sbin/insmod /sbin/rmmod /sbin/lsmod

Now, anyone can run insmod. So, for example, a talented programmer could
write his own kernel module that ran through the file system looking for
protected user files; remove files; etc. Writing a kernel module is not
something you do inadvertently.

4. You can do the same sort of thing with /dev/mem, by making it
read-write for everyone. As root, do:

    chmod a+rw /dev/mem

Now, anyone can access /dev/mem and access Linux memory directly. This
isn't something that can be done inadvertently. You can set up Unix
pipes to write 0's into memory and clobber Linux, but you can also flip
the power switch on the front.

5. You can change the permission on emc/plat/<whatever>/bin/bridgeportio
so that it runs setuid root also. As root, do:

    chmod u+s /usr/local/nist/emc/plat/<whatever>/bin/bridgeportio

Now it runs as root and can execute the privileged inb/outb
instructions.

There are better ways to set things up using groups of semi-trusted
users so not everyone can run the EMC, and so those who can still aren't
root. If anyone has any other ideas let me know.
--Fred
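
An added example, not part of the post above: a shell audit that reports which files are in the open-to-everyone state that steps 3 to 5 create (setuid and runnable by any user, or world-writable) and which are limited to a group. A mode such as 4750 or 660 with a dedicated group is one assumed reading of the "groups of semi-trusted users" idea; the finding names are made up for this illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Requires GNU stat (Linux).
# Finding names are constructed for this illustration.

# classify_mode OCTAL: print a finding for a mode such as 4755, 4750 or 666.
classify_mode() {
    mode=$1
    while [ "${#mode}" -lt 4 ]; do mode="0$mode"; done   # pad 755 -> 0755
    special=${mode%???}          # first digit: setuid/setgid/sticky
    other=${mode#???}            # last digit: permissions for everyone
    setuid=no; world_x=no; world_w=no
    case $special in 4|5|6|7) setuid=yes ;; esac
    case $other in 1|3|5|7) world_x=yes ;; esac
    case $other in 2|3|6|7) world_w=yes ;; esac

    if [ "$setuid" = yes ] && [ "$world_x" = yes ]; then
        echo SETUID_ANY_USER      # any account runs it with the owner's rights
    elif [ "$setuid" = yes ]; then
        echo SETUID_RESTRICTED    # setuid, but not executable by "other"
    elif [ "$world_w" = yes ]; then
        echo WORLD_WRITABLE       # e.g. /dev/mem after chmod a+rw
    else
        echo OK
    fi
}

# audit_path PATH: print "<finding> <mode> <owner>:<group> <path>".
audit_path() {
    info=$(stat -c '%a %U:%G' "$1") || return 2
    printf '%s %s %s\n' "$(classify_mode "${info%% *}")" "$info" "$1"
}

# Audit every path given on the command line.
for p in "$@"; do
    audit_path "$p" || echo "UNREADABLE - - $p"
done
```

Run it with the paths to check as arguments, for example /sbin/insmod /sbin/rmmod /sbin/lsmod /dev/mem.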