Is RBAC unbreakable ?

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

Is RBAC unbreakable ?

Postby evilangel » Mon Nov 17, 2008 2:30 pm

Hey all,

With such a provocative title, my question is totally candid.
According to all documents I read, MAC/RBAC seems to be a powerfull protection, preventing a lot of compromission.

Naturally, I am wondering "how much" it is safe.

As with the root identity, is a privilege escalation to the admin of the RBAC system possible ?

Is there some case where a MAC system has been defeated ?
In which condition a MAC system stops being efficient ?

Thanks for any informatio
evilangel
 
Posts: 59
Joined: Thu May 15, 2008 7:57 pm
Location: France

Re: Is RBAC unbreakable ?

Postby cormander » Mon Nov 17, 2008 9:09 pm

Bottom line; if it can be made by man, it can be unmade by man.

The RBAC system is very powerful, but can fail under one of the following conditions:

1) a hacker is able to write/modify the data structure of the running kernel. This is possible if a hacker gains root privileges and certain grsecurity protections aren't enable (such as disabling module inserts at runtime)
2) there is an exploit in the kernel which allows anyone to arbitrarily write to kernel memory (vmsplice was the most recent one that I know of)
3) a hacker has console access to your hardware and reboots under a different kernel or boots with single user mode (or init=/bin/bash) under which RBAC probably won't have a chance to get re-enabled.

As far as the writes to kernel memory, they basically can guess where the symbols for grsec are and replace them with their own code, effectivly disabling the RBAC protections. This is quite difficult to do, especially if you have the option enabled to hide all exported symbols (it really becomes a guessing game at that point). The risk they take on writes to kernel memory is getting past PAX (which will, depending on your PAX configuration, stop these attempts) and writting to kernel memory at runtime can make the kernel unstable and crash the system, so you have a DOSS'd system rather then a full compromised system.
cormander
 
Posts: 154
Joined: Tue Jan 29, 2008 12:51 pm
Location: Utah

Re: Is RBAC unbreakable ?

Postby evilangel » Wed Nov 19, 2008 4:14 pm

Thanks for these info.

1) a hacker is able to write/modify the data structure of the running kernel. This is possible if a hacker gains root privileges and certain grsecurity protections aren't enable (such as disabling module inserts at runtime)
A kernel that do not support Linux Kernel Modules is protected, no ?
evilangel
 
Posts: 59
Joined: Thu May 15, 2008 7:57 pm
Location: France

Re: Is RBAC unbreakable ?

Postby cormander » Wed Nov 19, 2008 5:53 pm

Yes, but grsecurity has the facility to turn on the disabling of modules at runtime (which cannot be undone without a reboot).
cormander
 
Posts: 154
Joined: Tue Jan 29, 2008 12:51 pm
Location: Utah

Re: Is RBAC unbreakable ?

Postby evilangel » Sun Nov 23, 2008 5:26 pm

OK
Thanks
evilangel
 
Posts: 59
Joined: Thu May 15, 2008 7:57 pm
Location: France


Return to RBAC policy development

cron