tssci security

Linux 2.6.20 kernel relocatable on x86

Linus released kernel v2.6.20 (tar.bz2) to the public today, adding virtualization support through KVM and relocatable kernel support for x86, among other changes. The latter feature is an interesting one from a security perspective and for kdump users. From the changelog:

Relocatable kernel support for x86. This feature (enabled with CONFIG_RELOCATABLE) isn't very noticeable for end-users but it's quite interesting from a kernel POV. Until now, it was a requirement that an i386 kernel was loaded at a fixed memory address in order to work; loading it in a different place wouldn't work. This feature allows compiling a kernel that can be loaded at different 4K-aligned addresses, but always below 1 GB, with no runtime overhead. Kdump users (a feature introduced in 2.6.13 that triggers kexec in a kernel crash in order to boot a kernel that has been previously loaded at an 'empty' address, then runs that kernel, saves the memory where the crashed kernel was placed, dumps it in a file and continues booting the system) will benefit from this because until now the "rescue kernel" needed to be compiled with different configuration options in order to make it bootable at a different address. With a relocatable kernel, the same kernel can be booted at different addresses. (commit 1, 2, 3, 4)

Basically, kdump users can now use the same kernel for both standard boot and kexec boot, without an additional kernel image. From the security side of things, the kernel can now be loaded at different locations in memory. Since most rootkits and exploits rely on static memory addresses, this makes their job more difficult.
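To check whether a given kernel build can double as its own kdump capture kernel, here is an added example (not from the original post or the kernel project). It reads a kernel config, looks for CONFIG_RELOCATABLE, and validates a proposed load address against the changelog's constraints (4K-aligned, below 1 GB); the function names and sample configs are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the value of option $1 from kernel .config text on stdin,
# or "n" when it is absent or commented out ("# CONFIG_X is not set").
config_value() {
    awk -v key="$1" -F= '
        $1 == key { val = $2; found = 1 }
        END { print (found ? val : "n") }'
}

# Succeed if $1 meets the changelog's constraints for a relocatable
# i386 kernel: 4K-aligned and below 1 GB. Accepts decimal or 0x hex.
valid_load_addr() {
    addr=$(( $1 ))
    [ $(( addr % 4096 )) -eq 0 ] && [ "$addr" -lt $(( 1024 * 1024 * 1024 )) ]
}

# Read a kernel config on stdin and say whether that same kernel could be
# kexec-loaded as the kdump capture kernel at physical address $1.
check_capture_kernel() {
    if [ "$(config_value CONFIG_RELOCATABLE)" != "y" ]; then
        echo "fixed-address"   # a separately built rescue kernel is needed
    elif valid_load_addr "$1"; then
        echo "ok"
    else
        echo "bad-address"     # misaligned, or at/above the 1 GB limit
    fi
}

# Constructed sample configs (not taken from any real system).
sample_relocatable() {
    cat <<'EOF'
CONFIG_X86_32=y
CONFIG_PHYSICAL_START=0x100000
CONFIG_RELOCATABLE=y
EOF
}

sample_fixed() {
    cat <<'EOF'
CONFIG_X86_32=y
CONFIG_PHYSICAL_START=0x100000
# CONFIG_RELOCATABLE is not set
EOF
}
```

On a live system whose kernel exposes `/proc/config.gz`, the same check can be run as `zcat /proc/config.gz | check_capture_kernel 0x1000000`, where the address is a sample value.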

Da Bears!

Once again, we're comin' to ya from Ditka's Restaurant in the heart of Chicago, the city of the big shoulders, and home to a certain team, which come January will run roughshod over the competition in Super Bowl XLI. A team that is known as.....Da Bears!

Hosting dropped out, update your links

Hey everyone. Earlier today my hosting had expired and I had to migrate to a new host. Update your bookmarks to account for the changes. The new URL of my blog is www.tssci-security.com.

Thankfully, most of you who subscribe via RSS shouldn't have to make any changes due to my feeds being handled by FeedBurner at http://feeds.feedburner.com/tssci.

February: Month of No Bugs - MOAB a dud

RMogull called it: February is Month of No Bugs. L.M.H. signs off from Month of Apple Bugs... let's see who else will bother keeping up with the vulnerability-a-day, every-day momentum.

No, the floppy disk is not dead

My staging servers cannot boot from CD-ROM, therefore I use a boot disk. For this reason alone, I have floppy drives in all my systems. I also save time by booting from floppy disk and installing operating systems over the network. A tip for anyone who's looking to become RHCE certified: install RHEL using a network connection because it's much, much faster than installing via CD and it saves precious time during your performance-based exam.

How does this impact the security of your systems? How does this affect available network bandwidth? Ideally, we don't want to introduce more entry points into our systems than we need, be it via USB drive, floppy, or CD-ROM. Which do you prefer, or do you even care?
