Re: [PATCH] paravirt.h

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Alan Cox wrote:
It would be nice not to export it at all or to protect it, paravirt_ops
is a rootkit authors dream ticket. I'm opposed to paravirt_ops until it
is properly protected, its an unpleasantly large security target if not.

Do you have an example of an attack which would become significantly easier with pv_ops in use? I agree it might make a juicy target, but surely it is just a matter of degree given that any attacker who can get to pv_ops can do pretty much anything else.

It would be a lot safer if we could have the struct paravirt_ops in
protected read-only const memory space, set it up in the core kernel
early on in boot when we play "guess todays hypervisor" and then make
sure it stays in read only (even to kernel) space.

Yes, I'd thought about doing something like that, but as Arjan pointed out, nothing is actually read-only in the kernel when using a 2M mapping. It's also ameliorated by the fact that some of the entrypoints are never used at runtime, because the code has been patched inline (but I don't think it would ever be desirable to patch every entrypoint, since some are just not worth the effort, complexity or obfuscation which result from patching).

   J
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux