Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries

Quoting Ulrich Drepper ([email protected]):
> On 4/25/06, Axelle Apvrille <[email protected]> wrote:
> >1- "does this also prevent people writing their own
> >elf loader in a bit of perl and just mmap the code"
> >
> >I'm not sure to exactly understand what you mean:
> >
> >- if you mean writing an application able to read &
> >'interpret' an ELF executable: again, I think DigSig
> >will prevent this, because when you mmap the code,
> >this calls (at kernel level) do_mmap which triggers an
> >LSM hook called file_mmap. And we implement checks in
> >that hook...
> >
> >- if you mean modifying the ELF loader so that do_mmap
> >/ file_mmap aren't called, well you'll need to hack
> >the kernel, won't you ?
> >
> >- finally, note you also have choice not to sign this
> >elf loader of yours. If it isn't signed, it won't ever
> >run ;-)
> 
> No, there no problem writing a loader.  All you need is to create
> anonymous mappings.  Via mmap, maybe on the stack, some heaps are
> still executable.  Then you load the code, fix it up for the address,
> and be done.  The kernel cannot and will not prevent a read(2) call on
> the binary.  That's all that's needed.  And without the SELinux
> support in place you cannot prevent non-exec memory creation and even

BS - you can stack another LSM to prevent that.

Or, stack it with SELinux.  I've tested that combination before with no
problems.

> then, some people need it (jvms, OpenGL libs, etc) to generate code on
> the fly.  So it's never completely ruled out.  Again, look at the code
> in http://people.redhat.com/drepper/selinux-mem.html.
> 
> Given you have executable anonymous memory it is a one-time small
> effort to write a loader and you're done.  Nothing your signature

A one time effort to write it *and sign it*.

You could just as well write it and give it it's own domain with {
execheap execmem execstack execmod } permissions.

> detection code can do about it.  This is snake oil.

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
    • From: Christoph Hellwig <[email protected]>
  • Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
    • From: Arjan van de Ven <[email protected]>

• References:
  • Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
    • From: Nix <[email protected]>
  • Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
    • From: Axelle Apvrille <[email protected]>
  • Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
    • From: "Ulrich Drepper" <[email protected]>

• Prev by Date: Re: [PATCH] [1/1] slab: fix crash on __drain_alien_cahce() during CPU Hotplug
• Next by Date: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
• Previous by thread: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
• Next by thread: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]