Re: One for the Security Guru's

Henning P. Schmiedehausen (hps@intermeta.de)
Sat, 26 Oct 2002 10:43:29 +0000 (UTC)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Henning P. Schmiedehausen: "Re: One for the Security Guru's"
Previous message: Rogier Wolff: "OT Re: One for the Security Guru's"
Maybe in reply to: Robert L. Harris: "One for the Security Guru's"
Next in thread: Henning P. Schmiedehausen: "Re: One for the Security Guru's"

"H. Peter Anvin" <hpa@zytor.com> writes:

>Followup to: <1035539042.23977.24.camel@forge>
>By author: Henning Schmiedehausen <hps@intermeta.de>
>In newsgroup: linux.dev.kernel
>> >
>> > A. If there's a buffer overflow in the SSL Accelerator box the firewall
>> > wont do you much good (it helps, but only a little).
>>
>> This is a hardware device. Hardware as in "silicon". I very much doubt
>> that you can run "general purpose programs" on a device specifically
>> designed to do crypto. And this is _not_ just an "embedded Linux on ix86
>> with a crypto chip".
>>

>Hardware devices have bugs, too. Furthermore, most devices marketed
>as "hardware" still have programmable stuff underneath. Trust me.

Of course they have. I'm not that dumb. :-) I won't expect any piece
of silicon speak http, snmp and have configureable ip adresses without
any programming. I do had my share of Cisco router fun.... :-)

But my point is, that these beasts normally don't run a general
purpose operating system and that they're much less prone to buffer
overflow or similar attacks, simply because they don't use popular
software with known bugs (e.g. OpenSSL) or these functions (like
doing crypto) are in hardware.

If you have a processor that sets up an ASIC to do "insert https here,
use this key, remove http there", you might be able to attack the IP
stack running on the processor which gets the packets from the wire
and puts them back onto the wire. But you won't be able to trick any
bug or overflow in the crypto routines into opening a root shell on
the ASIC. :-)

Especially if there is no such thing as a /bin/sh binary on the
bugger. And even if you _do_; you still only have a shell on the
accelerator. Not on the application server.

If you ask me "how can you trust such a device if you can't look at
the source; well, I don't have to. I can tell the customer "this
device has been approved by <insert your certification authority here>
and you pay gobs of cash for simply having this certified device".

Replace "device" with "certificate" and you have the same thing as
getting your web server key certification from Verisign or Thawte.
You pay money and get a "trusted device".

Regards
Henning

-- Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer INTERMETA - Gesellschaft fuer Mehrwertdienste mbH hps@intermeta.de

Am Schwabachgrund 22 Fon.: 09131 / 50654-0 info@intermeta.de D-91054 Buckenhof Fax.: 09131 / 50654-20 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Henning P. Schmiedehausen: "Re: One for the Security Guru's"
Previous message: Rogier Wolff: "OT Re: One for the Security Guru's"
Maybe in reply to: Robert L. Harris: "One for the Security Guru's"
Next in thread: Henning P. Schmiedehausen: "Re: One for the Security Guru's"