On Mon, 18 Apr 2005 10:48:03 -0400 Igor Shmukler wrote:
| Rik, (and everyone),
|
| Everything is IMHO only.
|
| It all boils down to whether:
| 1. it is hard to correctly implement such LKM so that it can be safely
| loaded and unloaded and when these modules are combined they may not
| work together until there is an interoperability workshop (like the
| one networking folks do).
| 2. it's not possible to do this right, hence no point to allow this in
| a first place.
|
| I am not a Linux expert by a long-shot, but on many other Unices it's
| being done and works. I am only asking because I am involved with a
| Linux port.
|
| I think if consensus is on choice one, then hiding the table is a
| mistake. We should not just close abusable interfaces. Rootkits do
| not need these, and if someone makes poor software we do not have to
| install it.
|
| Intercepting system call table is an elegant way to solve many
| problems. Any driver software has to be developed by expert
| programmers and can cause all the problems imaginable if it was not
| down right.
|
| Again, it's all IMHO. Nobody has to agree.
And 'nobody' has submitted patches that handle all of the described
problems...
1. racy
2. architecture-independent
3. stackable (implies/includes unstackable :)
You won't get very far in this discussion without some code...
| Igor
|
| On 4/18/05, Rik van Riel <[email protected]> wrote:
| > On Fri, 15 Apr 2005, Igor Shmukler wrote:
| >
| > > Thank you very much. I will check this out.
| > > A thanks to everyone else who contributed. I would still love to know
| > > why this is a bad idea.
| >
| > Because there is no safe way in which you could have multiple
| > of these modules loaded simultaneously - say one security
| > module and AFS. There is an SMP race during the installing
| > of the hooks, and the modules can still wreak havoc if they
| > get unloaded in the wrong order...
| >
| > There just isn't a good way to hook into the syscall table.
---
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]