From: Dave Jones <davej@redhat.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: David Howells <dhowells@redhat.com>,
torvalds@osdl.org, akpm@osdl.org, herbert.xu@redhat.com,
linux-kernel@vger.kernel.org, arjan@infradead.org,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH 0/6] MODSIGN: Kernel module signing
Date: Fri, 16 Feb 2007 15:21:35 -0500 [thread overview]
Message-ID: <20070216202135.GA22121@redhat.com> (raw)
In-Reply-To: <20070215221304.GB6602@ucw.cz>
On Thu, Feb 15, 2007 at 10:13:04PM +0000, Pavel Machek wrote:
> Hi!
>
> > Now, this is not a complete solution by any means: the core kernel is not
> > protected, and nor are /dev/mem or /dev/kmem, but it denies (or at least
> > controls) one relatively simple attack vector.
>
> Could we fix the /dev/*mem holes, first? They are already used by
> malicious modules (aka rootkits...). Or can selinux already provide
> /dev/*mem protection with no way for admin to turn it off?
There are some valid uses for peeking through /dev/mem. Things like
dmidecode for example. So you don't want to disable it completely
in a lot of cases, but have fine-grained access to specific parts
of the file. I'm not sure SELinux can do this. Maybe the MLS stuff
helps here (though I'm far from an expert on this, so I could be
talking out of my rear).
The restricted dev/mem patches we've had in Fedora for a while
do the right thing, but they're a bit crufty (in part due to
drivers/char/mem.c being a bit of a mess before we even start
patching it). I've had "clean these up for upstream" on my
todo for a while. I might get around to it one of these days.
Dave
--
http://www.codemonkey.org.uk
next prev parent reply other threads:[~2007-02-16 20:21 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-14 19:09 [PATCH 0/6] MODSIGN: Kernel module signing David Howells
2007-02-14 19:09 ` [PATCH 2/6] MODSIGN: In-kernel crypto extensions David Howells
2007-02-14 19:09 ` [PATCH 3/6] MODSIGN: Add indications of module ELF types David Howells
2007-02-14 19:09 ` [PATCH 4/6] MODSIGN: Module ELF verifier David Howells
2007-02-14 19:10 ` [PATCH 5/6] MODSIGN: Module signature checker and key manager David Howells
2007-02-14 19:10 ` [PATCH 6/6] MODSIGN: Apply signature checking to modules on module load David Howells
2007-02-14 19:26 ` [PATCH 0/6] MODSIGN: Kernel module signing Linus Torvalds
2007-02-14 19:40 ` David Howells
2007-02-14 21:32 ` Michael Halcrow
2007-02-14 21:59 ` David Howells
2007-02-14 22:21 ` Michael Halcrow
2007-02-15 21:31 ` Indan Zupancic
2007-02-15 3:41 ` Andrew Morton
2007-02-15 4:13 ` Dave Jones
2007-02-15 5:35 ` Andreas Gruenbacher
2007-02-15 5:45 ` Dave Jones
2007-02-15 6:14 ` Andreas Gruenbacher
2007-02-15 6:22 ` Dave Jones
2007-02-15 20:34 ` Valdis.Kletnieks
2007-02-15 22:12 ` Andreas Gruenbacher
2007-02-16 0:15 ` Olaf Kirch
2007-02-15 22:10 ` Pavel Machek
2007-02-15 20:55 ` Valdis.Kletnieks
2007-02-15 21:32 ` Adrian Bunk
2007-02-15 22:12 ` Valdis.Kletnieks
2007-02-15 14:35 ` Roman Zippel
2007-02-15 17:32 ` David Howells
2007-02-15 18:33 ` Roman Zippel
2007-02-15 20:01 ` David Lang
2007-02-15 21:01 ` Roman Zippel
2007-02-15 21:03 ` Adrian Bunk
2007-02-15 22:13 ` Pavel Machek
2007-02-16 20:21 ` Dave Jones [this message]
2007-02-16 20:27 ` Arjan van de Ven
[not found] <7OPWh-470-9@gated-at.bofh.it>
[not found] ` <7OxPF-16i-7@gated-at.bofh.it>
[not found] ` <7OSKA-8A-17@gated-at.bofh.it>
[not found] ` <7OTGJ-1G5-23@gated-at.bofh.it>
2007-02-16 15:38 ` Bodo Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070216202135.GA22121@redhat.com \
--to=davej@redhat.com \
--cc=akpm@osdl.org \
--cc=arjan@infradead.org \
--cc=dhowells@redhat.com \
--cc=herbert.xu@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pavel@ucw.cz \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.