LCDproc development and user support list



[Lcdproc] Idea for improving security


  • From: gfk AT logidac.com (Guillaume Filion)
  • Subject: [Lcdproc] Idea for improving security
  • Date: Thu Oct 24 02:58:01 2002

Hi all,

While reading the qmail security page(1), I tried to imagine a way of
making LCDproc more secure. As was stated a long time ago on this
mailing list(2), because LCDd has access to the IO ports it could be
used to modify the content of hard drives or reboot the machine
(using a buffer overflow, for example). Most of the solutions I
imagined were crap, but one thing seems interesting; I explain it
below.

The idea would be to move all of the port IO functions from LCDd to a
different process (let's call it portTalk).

LCDd should not have any root privilege.
portTalk would have access to the IO port. It should verify
everything it receives from LCDd (make sure that the port number is
valid, etc). It should also be made as small and simple as possible
so that it is easy to debug and secure.

portTalk and LCDd should be mutually untrusting programs, i.e.
portTalk should not trust what it receives from LCDd and LCDd should
not trust what it receives from portTalk. That way, an attacker who
is able to successfully attack LCDd would not be able to access the
IO port without successfully attacking portTalk too.

I guess portTalk and LCDd should communicate using a unix domain
socket (AF_UNIX), I'm not sure if it's the best way to do it... One
thing for certain is that they should be mutually untrusting, so they
shouldn't share memory.

Let me know what you think and how implementable you think this is.
GFK's

Refs:
1: http://cr.yp.to/qmail/guarantee.html
2: http://lists.omnipotent.net/pipermail/lcdproc/2001-September/002956.html
--
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/ (this will redirect)
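The split proposed in the message above, as an added example written for this page; it is not LCDproc code and does not describe anything LCDproc implemented. The request/reply layout, the status codes, the port allowlist (one three-register parallel-port block at 0x378), and all function names are assumptions made here. The privileged side (portTalk) copies every datagram into its own buffer, rejects wrong lengths, unknown ops and out-of-range ports before any hardware access, and the unprivileged side (LCDd) in turn refuses malformed replies, so neither process trusts the other and no memory is shared. The hardware is behind two function pointers so the logic can run with an in-memory fake; the real backend, guarded for x86 Linux, wraps inb()/outb() and needs a prior ioperm() call, which requires root (CAP_SYS_RAWIO) and is why only portTalk would run with that privilege.

```c
/* LCDd / portTalk privilege-separation sketch. Example code for this page,
 * not LCDproc's. Wire format, status codes, port range and names are assumed. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed allowlist: one parallel-port register block (data/status/control). */
#define PORT_BASE 0x378
#define PORT_LEN  3

enum op { OP_OUTB = 1, OP_INB = 2 };
enum status { ST_OK = 0, ST_BAD_LEN = 1, ST_BAD_PORT = 2, ST_BAD_OP = 3, ST_IO = 4 };

/* Fixed-size messages: LCDd -> portTalk request, portTalk -> LCDd reply.
 * Each side treats the peer's bytes as untrusted and checks the length first. */
struct req  { uint8_t op; uint8_t value; uint16_t port; };   /* 4 bytes, no padding */
struct resp { uint8_t status; uint8_t value; };               /* 2 bytes */

/* Hardware behind function pointers so the privileged logic can be exercised
 * with a fake; the real one wraps inb()/outb() after ioperm(). */
typedef int (*outb_fn)(uint16_t port, uint8_t v);
typedef int (*inb_fn)(uint16_t port, uint8_t *v);

#if defined(__linux__) && (defined(__i386__) || defined(__x86_64__))
#include <sys/io.h>
/* Real backend: the portTalk process must first call ioperm(PORT_BASE, PORT_LEN, 1),
 * which needs root (CAP_SYS_RAWIO); LCDd never gets that capability. */
__attribute__((unused)) static int real_outb(uint16_t port, uint8_t v) { outb(v, port); return 0; }
__attribute__((unused)) static int real_inb(uint16_t port, uint8_t *v) { *v = inb(port); return 0; }
#endif

/* portTalk: validate a raw buffer from LCDd and only then touch the port. */
enum status porttalk_handle(const void *buf, size_t len, struct resp *out,
                            outb_fn do_outb, inb_fn do_inb)
{
    struct req r;
    memset(out, 0, sizeof *out);
    if (len != sizeof r) return out->status = ST_BAD_LEN;
    memcpy(&r, buf, sizeof r);                       /* private copy, never peer memory */
    if (r.port < PORT_BASE || r.port >= PORT_BASE + PORT_LEN)
        return out->status = ST_BAD_PORT;            /* refused before any I/O */
    switch (r.op) {
    case OP_OUTB: return out->status = do_outb(r.port, r.value) ? ST_IO : ST_OK;
    case OP_INB:  return out->status = do_inb(r.port, &out->value) ? ST_IO : ST_OK;
    default:      return out->status = ST_BAD_OP;
    }
}

/* portTalk loop body: one datagram in, one reply out. An oversized datagram
 * is truncated by recv() and then fails the length check. */
int porttalk_serve_one(int fd, outb_fn do_outb, inb_fn do_inb)
{
    uint8_t buf[64];
    struct resp rp;
    ssize_t n = recv(fd, buf, sizeof buf, 0);
    if (n <= 0) return -1;
    porttalk_handle(buf, (size_t)n, &rp, do_outb, do_inb);
    return send(fd, &rp, sizeof rp, 0) == (ssize_t)sizeof rp ? 0 : -1;
}

/* LCDd side: send a request; read the reply without trusting its size. */
int lcdd_send(int fd, uint8_t op, uint16_t port, uint8_t value)
{
    struct req r = { op, value, port };
    return send(fd, &r, sizeof r, 0) == (ssize_t)sizeof r ? 0 : -1;
}

int lcdd_recv(int fd, uint8_t *value)
{
    struct resp rp;
    ssize_t n = recv(fd, &rp, sizeof rp, 0);
    if (n != (ssize_t)sizeof rp) return ST_IO;       /* short or oversized reply */
    if (value) *value = rp.value;
    return rp.status;
}

/* Constructed fake hardware: three byte-wide registers in memory. */
static uint8_t fake_regs[PORT_LEN];
static int fake_outb(uint16_t port, uint8_t v) { fake_regs[port - PORT_BASE] = v; return 0; }
static int fake_inb(uint16_t port, uint8_t *v) { *v = fake_regs[port - PORT_BASE]; return 0; }

/* Full exchange over an AF_UNIX socketpair, the IPC the post proposes.
 * SOCK_SEQPACKET keeps message boundaries, so the length checks mean something.
 * Here both ends live in one process; in the real design sv[1] belongs to the
 * separate privileged portTalk process. Returns the byte read back, or -1. */
int demo_roundtrip(void)
{
    int sv[2];
    uint8_t back = 0;
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) != 0) return -1;
    /* LCDd writes 0x5a to the data register, then reads it back. */
    if (lcdd_send(sv[0], OP_OUTB, PORT_BASE, 0x5a) != 0) goto fail;
    if (porttalk_serve_one(sv[1], fake_outb, fake_inb) != 0) goto fail;
    if (lcdd_recv(sv[0], NULL) != ST_OK) goto fail;
    if (lcdd_send(sv[0], OP_INB, PORT_BASE, 0) != 0) goto fail;
    if (porttalk_serve_one(sv[1], fake_outb, fake_inb) != 0) goto fail;
    if (lcdd_recv(sv[0], &back) != ST_OK) goto fail;
    /* A port outside the allowlist must be refused without touching hardware. */
    if (lcdd_send(sv[0], OP_OUTB, 0x80, 0xff) != 0) goto fail;
    if (porttalk_serve_one(sv[1], fake_outb, fake_inb) != 0) goto fail;
    if (lcdd_recv(sv[0], NULL) != ST_BAD_PORT) goto fail;
    close(sv[0]); close(sv[1]);
    return back;
fail:
    close(sv[0]); close(sv[1]);
    return -1;
}

int main(void)
{
    int v = demo_roundtrip();
    printf("read back 0x%02x through portTalk\n", v);
    return v < 0;
}
```

The allowlist check is the part that carries the security argument: a compromised LCDd can send any bytes it likes, but the only hardware effect it can obtain is a byte write or read within the three registers portTalk was built for, and a buffer overflow in LCDd alone reaches no other port. Keeping portTalk to a fixed-size datagram protocol with no parsing beyond a length comparison is what makes it small enough to audit, which is the point the message makes about keeping it simple.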




