Re: [Security] proactive defense: using read-only memory

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pavel Machek <pavel@ucw.cz>
To: Kees Cook <kees.cook@canonical.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [Security] proactive defense: using read-only memory
Date: Wed, 17 Nov 2010 11:00:54 +0100	[thread overview]
Message-ID: <20101117100053.GA1574@ucw.cz> (raw)
In-Reply-To: <20101107193520.GO5327@outflux.net>

Hi!

> - Modules need to be correctly marked RO/NX. This patch exists[3], but is
>   not in mainline. It needs to be in mainline.

Why not.

> - Pointers to function table also need to be marked read-only after
>   they are set. An example of this is the security_ops table pointer. It
>   gets set once at boot, and never changes again. These need to be handled
>   so it isn't possible to just trivially reaim the entire security_ops
>   table lookup somewhere else.

But there are too many of those. You can't block them all...

> - Entry points to set_kernel_text_rw() and similar need to be blockable.
>   Having these symbols available make kernel memory modification trivial;

What prevents attacker to just inlining those functions in the
exploit?

If you want protection domain inside kernel, perhaps you should take
ukernel approach?

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

next prev parent reply	other threads:[~2010-11-17 10:01 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-11-07 19:35 [Security] proactive defense: using read-only memory Kees Cook
2010-11-08  6:13 ` [Security] proactive defense: using read-only memory, RO/NX modules Ingo Molnar
2010-11-08 10:03   ` Alan Cox
2010-11-08 21:42   ` Kees Cook
2010-11-10  9:04     ` Ingo Molnar
2010-11-11  6:56       ` Kees Cook
2010-11-11  9:07         ` Ingo Molnar
2010-11-13 19:59       ` matthieu castet
2010-11-14  9:56         ` Ingo Molnar
2010-11-17 10:00 ` Pavel Machek [this message]
2010-11-17 22:14   ` [Security] proactive defense: using read-only memory Kees Cook
2011-01-02  9:09     ` Pavel Machek
2010-11-18  0:12   ` Valdis.Kletnieks

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20101117100053.GA1574@ucw.cz \
    --to=pavel@ucw.cz \
    --cc=kees.cook@canonical.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.