DaemonForums  

#1
18th March 2015
shep
Rc.conf Instructor

Join Date: May 2008
Location: Dry and Dusty
Posts: 1,136

Removal of Loadable Kernel Modules and Custom Kernels

Loadable Kernel Modules were removed and I can see the rationale for not having bits of code randomly insert into the stack. Conversely, that would mean more unused devices are in the kernel itself including some that may be a security risk. I'm thinking specifically of Intel and Via random number generators which I understand are not used.

Given the paranoia revolving around what is really in a device chip, would there be a stronger argument for stripping a kernel of unneeded devices?

#2
18th March 2015
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 6,250

I can recall only a single LKM ever made available publicly - emulators/kqemu, which was removed nearly four years ago. I'd been a user of it, and I recall it was removed after it was dropped upstream. Without kqemu, I didn't perceive any need to keep LKM services -- in my opinion, these were vestigial from Unix or early BSD systems and now rendered unnecessary, as the OpenBSD kernel had been effectively monolithic its entire life.

My opinion of history, of course, is incompletely informed, and probably biased. But whether or not I got it exactly right, we no longer have LKM capability.

---

Fact: OpenBSD has a monolithic kernel.

Fact: Kernel stripping is unsupported.

Fact: Stripped kernels are never tested by the developers.

Fact: Some kernel components, such as peripheral device drivers, can be removed independently without obvious problems, such as failure to compile or boot.

Fact: You can remove any kernel components you want, but you become fully responsible for your own OS support.

Fact: a large group of security-focused OS developers don't see unused drivers as a significant security risk.

Conjecture: successfully removing some components might have unintended consequences, such as introducing new race conditions through shorter code paths that would not be taken when using a GENERIC kernel.

#3
18th March 2015
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 6,250

In further support of the monolithic history, except kqemu, whenever we added kernel drivers above and beyond GENERIC we built custom kernels; these were never written as kernel modules. The two that come to mind were RAIDframe and NTFS. The former was replaced by softraid(4), the latter became part of GENERIC on applicable architectures.

#4
18th March 2015
thirdm
Spam Deminer

Join Date: May 2009
Posts: 234

Quote (originally posted by shep):
> Given the paranoia revolving around what is really in a device chip, would there be a stronger argument for stripping a kernel of unneeded devices?

How does the driver code get executed if you don't have the device? I'm not a kernel programmer but I'd think if someone could get the kernel's PC pointed into weird places like that the game's already over. In favour of a simple kernel image with all supported drivers in it, as I think has been pointed out by developers, there's a testing advantage to having a common image many people use. It helps control combinatorial explosion.

#5
19th March 2015
shep
Rc.conf Instructor

Join Date: May 2008
Location: Dry and Dusty
Posts: 1,136

Quote:
> How does the driver code get executed if you don't have the device?

I have 2 Via motherboards that do have the hardware. I did look at the /usr/src/sys/arch/amd64/conf/GENERIC and did not see any drivers for Intel or Via random number generators.

#6
19th March 2015
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 6,250

Any hardware random number generator will only be one of many entropy sources for this OS. Start at page 19 of Theo de Raadt's 2014 arc4random presentation. There's a video of the presentation available.

Reply With Quote
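
One way to see which drivers in a kernel configuration actually attached to hardware on a given machine, the question behind posts #4 and #5, is to compare the config file with the boot dmesg. The script below is an added example and not part of any post in this thread; the function names are hypothetical, and the sample config and dmesg lines are constructed.

```sh
#!/bin/sh
# Added example: drivers named in a config(8) kernel config that never
# attached to hardware according to a dmesg. Sample data is constructed.
config_drivers() {      # names from "name* at parent?" lines, comments stripped
    sed 's/#.*//' "$1" |
        awk '$2 == "at" { sub(/[0-9*?]+$/, "", $1); print $1 }' | sort -u
}

attached_drivers() {    # names from "name0 at parent0 ..." autoconf lines
    awk '$2 == "at" && $1 ~ /^[a-z][a-z0-9]*[0-9]$/ {
             sub(/[0-9]+$/, "", $1); print $1 }' "$1" | sort -u
}

unattached_drivers() {  # configured drivers with no attached instance
    tmp=$(mktemp -d) || return 1
    config_drivers "$1" > "$tmp/conf"
    attached_drivers "$2" > "$tmp/att"
    comm -23 "$tmp/conf" "$tmp/att"
    rm -rf "$tmp"
}

# Constructed inputs that imitate a GENERIC-style config and a boot dmesg.
write_samples() {
    cat > "$1/GENERIC.sample" <<'EOF'
mainbus0        at root
pci*            at mainbus?
em*             at pci?         # constructed entry
re*             at pci?         # constructed entry
#ne*            at pci?         # commented out, must be ignored
azalia*         at pci?
ahci*           at pci?
scsibus*        at scsi?
sd*             at scsibus?
pseudo-device   pf
EOF
    cat > "$1/dmesg.sample" <<'EOF'
mainbus0 at root
pci0 at mainbus0 bus 0
em0 at pci0 dev 25 function 0 "constructed NIC" rev 0x04
ahci0 at pci0 dev 31 function 2 "constructed AHCI" rev 0x04
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: <constructed disk>
EOF
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir" &&
    unattached_drivers "$demo_dir/GENERIC.sample" "$demo_dir/dmesg.sample"
rm -rf "$demo_dir"
```

On a real system the inputs would be the GENERIC file named in post #5 and the saved boot messages in /var/run/dmesg.boot. The result only reflects devices found at boot; hotplug buses can attach drivers later.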