By spencer, Tuesday, October 30, 2007 · 8:01 am

We in the security community have been trying to explain the benefit of MAC to developers in the embedded device arena for a while now. Maybe if people keep threatening devices with radio chips and tons of proprietary crap the embedded developers will jump on board. Motorola has been using SELinux/SEBSD on the A1200 and other devices for a while now. Given the high-level view of the policy and lack of knowledge about the proprietary software and architecture driving the device, I can’t really jump to any conclusions about the completeness of their policy, but they are at least trying.

The reason I’m mentioning this is the most recent TIFF exploit in the iPhone. Some hackers (the good kind) got hold of it and used it to slip Installer.app onto the iPhone. They were even kind enough to close the door they came in through: the exploit patches the vulnerability after it has installed Installer.app.

I know this is SELinux and not SEBSD, although these permissions are in both IIRC, but let’s try to count the permissions SELinux would have at its disposal to stop such an “attack”:

  • memory protection
  • file write protection (although Erica Sadun says this is done by “reassigning the root of the file tree”, whatever the hell that means… chroots? bind mounts? namespaces?)
  • execute
  • execute_no_trans

Listing these permissions is great, but what if Apple had needed Safari to download and install updates? Perhaps they could use a small app trusted to verify that Apple had signed the apps. Protect this app and its resources via SELinux and you’re golden.
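As an added illustration, not code from the post and not any actual Apple or Motorola policy, here is what the four permissions listed above and the trusted-updater idea look like written as a SELinux policy module in reference-policy style. Every type name (browser_t, browser_cache_t, updater_t, app_store_t, apple_sig_key_t and so on) is hypothetical; on a real device they would be assigned by a file_contexts file, and the module would also need the usual base-policy interfaces for the browser’s networking and UI access, which are left out here.

```selinux
policy_module(iphone_mac_example, 1.0)

########################################
# Types. All names here are hypothetical, made up for this example.
#
type browser_t, domain;                      # the domain Safari would run in
type browser_exec_t, file_type, exec_type;
type browser_cache_t, file_type;             # downloads, page cache, decoded images
type updater_t, domain;                      # the small trusted installer
type updater_exec_t, file_type, exec_type;
type app_store_t, file_type;                 # where installed applications live
type apple_sig_key_t, file_type;             # public key used to verify Apple's signatures

domain_entry_file(browser_t, browser_exec_t)
domain_entry_file(updater_t, updater_exec_t)

########################################
# 1. memory protection
#
# An overflow in the TIFF decoder needs to run code from a writable page.
# Deny the browser the permissions that make writable memory executable.
neverallow browser_t self:process { execmem execheap execstack };

########################################
# 2. file write protection
#
# The browser may write only to its own cache. It gets no write access to
# the application directory, the installer binary, or the key material.
allow browser_t browser_cache_t:dir  { search getattr read write add_name remove_name };
allow browser_t browser_cache_t:file { create getattr read write append unlink rename };
neverallow browser_t { app_store_t updater_exec_t apple_sig_key_t browser_exec_t }:dir  { write add_name remove_name rename reparent rmdir };
neverallow browser_t { app_store_t updater_exec_t apple_sig_key_t browser_exec_t }:file { write append create unlink rename setattr };

########################################
# 3. execute / 4. execute_no_trans
#
# Nothing the browser downloaded can be run in the browser's own domain:
# without execute_no_trans (and with no type_transition for browser_cache_t)
# an exec() of a cached file is denied.
neverallow browser_t browser_cache_t:file { execute execute_no_trans };

# The only thing the browser may exec besides itself is the updater, and only
# through a domain transition, so the new process runs with the updater's
# rights rather than the browser's.
allow browser_t updater_exec_t:file { getattr read execute };
allow browser_t updater_t:process transition;
type_transition browser_t updater_exec_t:process updater_t;

########################################
# The trusted updater (the "small app" from the post). Policy cannot check a
# signature; it can only guarantee that the signature-checking program is the
# one writer of app_store_t and the one reader of the key within this module.
allow updater_t apple_sig_key_t:file { getattr read };
allow updater_t app_store_t:dir  { search getattr read write add_name remove_name };
allow updater_t app_store_t:file { create getattr read write unlink rename setattr };
neverallow updater_t self:process { execmem execheap execstack };

########################################
# Protecting the kernel itself: neither domain may load modules or touch raw
# devices, regardless of the UID it happens to run as.
neverallow { browser_t updater_t } self:capability { sys_module sys_rawio sys_admin };
```

The point is the combination: even with the TIFF bug unpatched, the overflowed decoder cannot mark its page executable (1), cannot drop a binary anywhere outside the cache (2), and cannot exec what it dropped in the cache (3 and 4). The updater does the signature check in userland; the policy only guarantees that nothing else in the module writes app_store_t or reads the key. The neverallow lines are build-time assertions: the policy toolchain refuses to produce a policy in which any other module grants those permissions, which is what keeps a later policy change from quietly reopening the door.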

I believe that DRM and security are hard to enforce when the keys are in the hands of the users. Someone will likely figure out how to view the filesystem, or at least how to access it by sniffing USB traffic or looking at the hardware being used (in the case of DVD players, etc.). In this case, if you created a kernel that refused to boot in permissive mode, would that be sufficient? Perhaps not; they could feasibly load their own kernel, but that would be much more difficult given a properly architected MAC policy protecting the kernel itself.


Currently 2 comments

  1. Pingback by Leopard OS 10.5 Windows shares not showing up in Finder · Beyond Abstraction

    [...] browse for Windows shares seems sub-optimal. Of course given the tiff exploit I just posted about here, I’m beginning to wonder if Apple needs to shift their focus back to security a bit. [...]

  2. Pingback by Did you hacked iPhone users learn your lesson?

    [...] back to Jarno. Personally I would rather mod my iPhone than leave it stock. One of the open doors used by the mod community was a TIFF exploit. A TIFF exploit that allowed any arbitrary website to execute arbitrary code on my phone. The mod [...]
