back door
Posted by: Anonymous Coward on May 01, 2004 12:48 AM
Since device drivers have more privileges than other code, making a reasonable proprietary device driver that claims to be GPL would seem to be a good way to insert a back door into Linux. You wouldn't have to get the kernel team to approve it, just get some naive user to install it. Then claim that Linux is inherently insecure.
Maybe the kernel should be fixed to treat all device drivers as untrusted software. Most of them can be compiled as modules anyway, so if the driver is simply a user-space device that has only been granted permission to use the hardware addresses that it needs to do its job, that might help minimize the damage it can do. In fact, it could be put in a very tight sandbox so that if it needed access to another device driver, or any other part of the system, it would have to have explicit permission to do that.
All this wouldn't make it impossible to use proprietary device drivers as back doors, but it would sure make it more difficult.
Further, the things that the driver needs permission to access should NOT be arranged as a system call by the module, but rather as a text table built into the module that the kernel reads when it loads the module, and before it executes any code in the module. This would make it possible to read the requirements simply by typing cat \modulename\, and would make it impossible for the device driver to lie about the resources that it needs.
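The declared resource table the comment proposes, as an added example that is not part of the original post and not code from Linux: a C model of a loader that parses a driver's plain-text table of I/O ports, MMIO ranges and IRQs and refuses to load the module if the table declares anything beyond what its device actually owns, all before a single instruction of the module runs. The manifest syntax, the `serial_policy` device description, `parse_manifest`, `check_module` and every address are assumptions made for this example; the one real reference point is that Linux modules already carry key=value strings such as `license=GPL` in a `.modinfo` section that `modinfo` reads without executing the module.

```c
/* Added example, not from the original post: a loader-side check of a
 * driver's declared resource table.  Linux modules already carry plain
 * key=value strings (license=GPL etc.) in a .modinfo section that
 * `modinfo` reads without running the module; this models a similar
 * table of the I/O ports, MMIO ranges and IRQs a driver wants, checked
 * against what the device owns BEFORE any module code executes.
 * Device, policy, manifests and every address below are constructed. */
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <ctype.h>

enum res_type { RES_IOPORT, RES_MMIO, RES_IRQ, RES_INVALID };
struct res_range { enum res_type type; uint64_t start, end; };  /* inclusive */
#define MAX_RES 32
struct policy { struct res_range allowed[MAX_RES]; int n; };

/* What may be granted comes from the device (PCI BARs, interrupt line), never
 * from the module.  Constructed: a serial port at COM1's traditional resources. */
const struct policy serial_policy = { { { RES_IOPORT, 0x3f8, 0x3ff }, { RES_IRQ, 4, 4 } }, 2 };

static const char *good_manifest =
    "# serial driver: exactly what the device owns\nioport 0x3f8-0x3ff\nirq 4\n";
/* A back-doored build that also wants the keyboard controller and low memory:
 * the table gives it away before the code gets a chance to hide anything. */
static const char *greedy_manifest =
    "ioport 0x3f8-0x3ff\nirq 4\nioport 0x60-0x64\nmmio 0x0-0xffffffff\n";
static const char *bad_manifest = "ioport 0x3f8-0x3ff\nirq four\n";

static enum res_type parse_type(const char *s, size_t n)
{
    if (n == 6 && !strncmp(s, "ioport", 6)) return RES_IOPORT;
    if (n == 4 && !strncmp(s, "mmio", 4))   return RES_MMIO;
    if (n == 3 && !strncmp(s, "irq", 3))    return RES_IRQ;
    return RES_INVALID;
}

/* Hex number (optional 0x); no sign, no empty input.  Advances *p. */
static int parse_hex(const char **p, uint64_t *v)
{
    char *end;
    while (isspace((unsigned char)**p)) (*p)++;
    if (!isxdigit((unsigned char)**p)) return -1;
    *v = strtoull(*p, &end, 16);
    *p = end;
    return 0;
}

/* "<type> <start>[-<end>]" in hex: 1 = entry, 0 = blank/comment, -1 = bad. */
static int parse_line(const char *line, struct res_range *out)
{
    while (isspace((unsigned char)*line)) line++;
    if (*line == '\0' || *line == '#') return 0;
    size_t tl = strcspn(line, " \t");
    if ((out->type = parse_type(line, tl)) == RES_INVALID) return -1;
    line += tl;
    if (parse_hex(&line, &out->start) < 0) return -1;
    out->end = out->start;
    if (*line == '-') {
        line++;
        if (parse_hex(&line, &out->end) < 0) return -1;
    }
    while (isspace((unsigned char)*line)) line++;   /* trailing junk is bad */
    return (*line == '\0' && out->end >= out->start) ? 1 : -1;
}

/* Whole table -> entries; -1 on any error: an unreadable table is a refusal. */
int parse_manifest(const char *text, struct res_range *out, int max)
{
    char buf[256];
    int count = 0, r;
    while (*text) {
        const char *nl = strchr(text, '\n');
        size_t len = nl ? (size_t)(nl - text) : strlen(text);
        if (len >= sizeof buf || count >= max) return -1;
        memcpy(buf, text, len); buf[len] = '\0';
        if ((r = parse_line(buf, &out[count])) < 0) return -1;
        count += r;
        text = nl ? nl + 1 : text + len;
    }
    return count;
}

/* Granted only if wholly inside one allowed range of the same type. */
static int covered(const struct res_range *r, const struct policy *pol)
{
    for (int i = 0; i < pol->n; i++) {
        const struct res_range *a = &pol->allowed[i];
        if (a->type == r->type && r->start >= a->start && r->end <= a->end)
            return 1;
    }
    return 0;
}

/* Declared resources the policy refuses (0 = may load); -1 = unparsable. */
int check_module(const char *manifest, const struct policy *pol)
{
    struct res_range req[MAX_RES];
    int n = parse_manifest(manifest, req, MAX_RES), denied = 0;
    if (n < 0) return -1;
    for (int i = 0; i < n; i++)
        if (!covered(&req[i], pol)) denied++;
    return denied;
}
```

With this policy `check_module(good_manifest, &serial_policy)` returns 0, the greedy build is refused with 2 denied entries, and a table that cannot be parsed is refused outright rather than loaded with a default grant. Two design points match the comment's caveat that this only makes back doors harder, not impossible: the set of grantable ranges must come from the device (its BARs, its interrupt line), never from the module, or a lying module simply declares what it wants; and the table constrains only what the loader hands out, so a driver can still misbehave inside the ranges it legitimately owns.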