
On Sun, 16 Mar 2025 at 02:44, Geoff Belknap via NANOG <nanog@lists.nanog.org> wrote:
[...] Keep in mind how many network devices have quietly become linux or bsd devices running a control plane in a container (without exposing the underlying OS to operators directly). If a bad actor finds an exposed management service (that never happens, right?) how confident is everyone they'd know if that bad actor exploited the service and landed on the underlying host OS? Not the control plane, the baremetal OS. How confident are we that they couldn't exploit that position to search for and compromise more of the network?
This is something that I'm quite worried about. Junos has veriexec, which in itself is a useful piece of software, but the Linux host does not. Also, we have the issue of the base OS on linecards, such as MPC7, MPC10 and LC9600. If you manage to get root on those, you are root on the RE. I've successfully run adversary VMs on RE-X6 (or RSP5 for that matter); I haven't tried to make the service ports useful, but the IP out-of-band interfaces (which IIRC are in a Linux bridge) are usable... A nice vantage point to pivot from. XR is not any better: two VMs per card (LC/RSP), multiple containers; not only is the codebase pretty huge (vulnerability management, what a pain), but it's also very easy to hide a piece of software wherever you want.
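As an added illustration of the gap the reply describes (the host OS lacking anything like veriexec), here is a small userspace manifest check that records SHA-256 hashes of a file tree and later reports modified, missing and unlisted files. This is example code written for this page, not Juniper's veriexec nor anything shipped on a Junos or IOS XR host; the directory names (`sbin/daemon`, `sbin/helper`, `sbin/.cache`) and file contents are constructed for the demo. Unlike the real veriexec, which enforces at exec time in the kernel, this is an after-the-fact audit.

```python
"""Manifest-based file-tree verification (illustrative, not Juniper's veriexec).

Builds a baseline of SHA-256 hashes over a tree and later reports:
  modified  - file present in both, hash differs
  missing   - in the manifest, no longer on disk
  unlisted  - on disk but absent from the manifest (the 'hidden implant' case)
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries don't need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Walk root and record the hash of every regular file, keyed by relative POSIX path.
    Symlinks are skipped: hashing their targets would let an attacker alias a trusted file."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify(root: Path, manifest: dict) -> dict:
    """Compare the tree under root against a previously built manifest."""
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unlisted = sorted(p for p in current if p not in manifest)
    return {"modified": modified, "missing": missing, "unlisted": unlisted}


def demo() -> dict:
    """Constructed sample tree (assumed names, not from any real device):
    take a baseline, simulate an intruder tampering with it, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sbin").mkdir()
        (root / "sbin" / "daemon").write_bytes(b"#!/bin/sh\necho control plane\n")
        (root / "sbin" / "helper").write_bytes(b"#!/bin/sh\necho helper\n")
        manifest = build_manifest(root)

        # Simulated attacker activity: trojan one binary, drop a new hidden
        # file, and remove another binary.
        (root / "sbin" / "daemon").write_bytes(b"#!/bin/sh\necho backdoor\n")
        (root / "sbin" / ".cache").write_bytes(b"implant")
        (root / "sbin" / "helper").unlink()

        return verify(root, manifest)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: the manifest must be signed and kept off the box, otherwise an intruder with root simply regenerates it; and a file-level check says nothing about in-memory or kernel-resident implants, nor about anything hidden inside a VM image or container layer, which is exactly where the reply says such software is easy to stash.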