* Suggestions on process integrity checking
@ 2010-04-23 16:48 Jose Luis Marchetti
0 siblings, 0 replies; only message in thread
From: Jose Luis Marchetti @ 2010-04-23 16:48 UTC (permalink / raw)
To: linux-kernel
Hi,
I need to implement a process integrity check, this is to make sure that a process that is running at the time of checking was not corrupted since it was first loaded in memory.
I would appreciate suggestions on where I should implement this in the Linux kernel, my first outline of this work is:
1) Add a field to task_struct that would hold some sort of process digital signature, it could be a CRC32 of process code space, this is not defined yet.
2) For simplicity let us assume an elf file is being executed, in binfmt_elf.c I see the elf file program segments are mmap to the virtual addresses and no read is actually done there ( or am I wrong ?). Where the reading of program segments is actually being done.
3) When the program segments are read in memory I need to update the process digital signature.
4) Then there is the checking part, if the kernel have to perform this checking periodically, how/where do you suggest it to be implemented ?
I was not successful in finding any similar implementation on the Internet that I could base my work on, if you know of any, please let me know.
Thanks in advance for any suggestion.
José Luís Marchetti
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2010-04-23 16:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-04-23 16:48 Suggestions on process integrity checking Jose Luis Marchetti
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.