[Darklab] response to FX's offer... let's talk about IOS things

Nicolas FISCHBACH nicolist at securite.org
Wed Aug 31 00:19:27 CEST 2005


FX wrote:
>
> Why it will be easier is the modules. They finally promise to get around
> and modularize IOS, so you can load new modules to running routers. Backdoors
> anyone? But don't hold your breath, Cisco promises an IOS rewrite for, erm,
> ages.

Back in 2001 we were already talking about "IOS-NG", remember? :)
http://www.securite.org/presentations/secip/BHAMS2001-SecIP-v105-full.ppt
(slides 65 and 66).

IOS-XR isn't monolithic anymore. On the CRS/GSR platform (and
probably on other hardware in the future) the IOS processes run
on top of a QNX Neutrino RTOS microkernel.

Upcoming images for the Cat6k are also going to be available as
modular ones, i.e. you buy and load the features you need (software
is going to be signed and authenticated).

This should enable online upgrades, give more stability (i.e. a process
that crashes can be restarted and doesn't cause a reload), etc.

This means that there's a new possible attack vector (look for QNX
vulnerabilities in your favorite VDB). It also means that if you
find a vulnerability in a process and you manage to exploit it, you
probably won't crash the router each time (i.e. a couple of seconds
until the next try and not a couple of minutes), but also that you won't
get "ring 0" anymore by exploiting just any of the processes, as now
there are rights, protection and separation.

Nico.
-- 
Nicolas FISCHBACH (nico at securite.org) <http://www.securite.org/nico/>
Senior Manager - IP Engineering/Security - COLT Telecom
Securite.Org Team - http://www.securite.org/
