Security Upgraded Knoppix

[keithl]

There are a number of critical security holes in any pre-September linux code that handles JPEGs and BMPs. That includes Mozilla, gtk+2.0 , gdk-pixbuf , kdelibs , and libpng.
See http://secunia.com/advisories/12526/ , 12586, 12564, 12311, 12221. These holes have not been exploited as of 28 Sep 2004, but similar holes are being exploited in windoze now, and will certainly be a problem for Linux/Knoppix before Knoppix 3.8 is available.

I pass out hundreds of Knoppix disks per year, and don't want to pass out exploitable versions of Mozilla and others. I would like to remaster a Knoppix "version 3.6A". I can manage the Mozilla 1.7.3 upgrade, but I am not sure I can get all the libraries right, and if any recompiles are needed, I'm not sure I can find all the applications that are affected.

Is there anyone skilled and willing to work with me to remaster a more secure version of 3.6?

Keith Lofstrom (keithl at keithl dot com)

[Flash00]

You bring up a question: why worry about it if the OS is running off a bootable CD? The OS itself can not be corrupted by an external attack.

For a third party to attack from the internet via this avenue, he would have to guess which version of Knoppix is being run, then how the particular user is storing his or her data on which kind of nonvolatile memory. It seems like an awful lot of work, for what?

[keithl]

Assume that there will be JPEG exploits for Mozilla 1.7.2 . Thus, by running the browser and inavertently looking at an infected site, you will get rooted, and the remote zombie the exploit talks to can read all necessary configuration information. exec( uname -a ) > mail > zombie , for example. The zombie can then select the appropriate rootkit for that version of Linux, and load quite a lot of executable scripts into whatever is writeable - ramdisk, mountable hard disk, operating kernel, whatever. Your hard disk can be scribbled on, your machine can be zombied, passwords and credit cards sent out, all sorts of mischief can be done.

Yes, you can return to status quo with a flick of the power switch - but how does the typical windoze user know when to do that? And it is not quite status quo; your information is on the zombie, and the zombie has put information on your hard disk. If it ever gets control again, it has a running start.

All this can be automated, and there is no protection beyond the read-only nature of the CD, since there is no root password. After the rooting, the CD can be ignored until the next reboot.

The typical Knoppix user is a Linux newbie, straight from windoze. I am giving them a Knoppix CD so they have an alternative to windoze, and most of them will actually use it a long time from now, when their windoze has become unusable, probably by enemy action. I don't want to compound their problems with something that can allow as much damage as windoze itself.