* Secure usage of netfilter hooks
From: Abhishek Singh
Date: 2003-01-30 17:33 UTC
To: linux-kernel

Hi,

Is it possible for a netfilter hook registered during module insertion time to be removed by a userspace application (such as iptables) without the insertion of a new module?

What I am trying to do is implement a hook for secure packet processing using netfilter. If, however, an attacker can remove this hook without inserting a new module or compromising the kernel in some way, then the security level of this hook is compromised.

--
Thanks and Regards,
-abhi
* Re: Secure usage of netfilter hooks
From: Gianni Tedesco
Date: 2003-01-30 17:47 UTC
To: Abhishek Singh; Cc: linux-kernel

On Thu, 2003-01-30 at 17:33, Abhishek Singh wrote:
> Is it possible for a netfilter hook registered during module insertion
> time to be removed by a userspace application (such as iptables) without
> the insertion of a new module?

Yeah, remove all rules using it and rmmod the module.

> What I am trying to do is implement a hook for secure packet processing
> using netfilter. If however an attacker can remove this hook without
> inserting a new module or compromising the kernel in some way then the
> security level of this hook is compromised.

You gotta be root to manipulate iptables. If a user could manipulate ANY iptables rules, security would already be compromised because any user could fuck with firewall rules.

HTH

--
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
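Since the reply's point is that the hook lives exactly as long as its module, a defender's natural check is whether that module is still resident and whether rmmod could even succeed. The script below is an added example, not from the thread: it reads a /proc/modules-format file (a constructed sample is embedded; pass /proc/modules on a live box) and classifies the hook module as permanent (no exit function, which /proc/modules marks "[permanent]"), pinned (refcount above zero, so rmmod returns EBUSY), unloadable, or missing. The module names secure_hook and legacy_hook are hypothetical.

```shell
# Classify the module carrying a netfilter hook by how easily it can be
# removed. /proc/modules fields: name size refcount users state address
#   users contains "[permanent]," when the module has no exit function,
#   a comma-separated list of dependants, or "-" when there are none.
hook_module_status() {
    # $1 = path to a /proc/modules-format file, $2 = module name
    # Prints: "loaded permanent" | "loaded pinned" | "loaded unloadable" | "missing"
    awk -v name="$2" '
        $1 == name {
            found = 1
            if (index($4, "[permanent]"))   print "loaded permanent"
            else if ($3 + 0 > 0)            print "loaded pinned"
            else                            print "loaded unloadable"
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Constructed sample in /proc/modules layout (not captured from a real host).
SAMPLE="${TMPDIR:-/tmp}/sample_modules.$$"
cat > "$SAMPLE" <<'EOF'
secure_hook 16384 0 [permanent], Live 0xffffffffc0a00000 (O)
legacy_hook 16384 0 - Live 0xffffffffc09f0000 (O)
x_tables 57344 1 iptable_filter, Live 0xffffffffc09e0000
EOF

# Walk the modules an operator would care about and report each one.
report_hook_modules() {
    # $1 = modules file, remaining args = module names
    file="$1"; shift
    for mod in "$@"; do
        printf '%-12s %s\n' "$mod" "$(hook_module_status "$file" "$mod")"
    done
}

report_hook_modules "$SAMPLE" secure_hook legacy_hook x_tables nothing
```

For a live check replace "$SAMPLE" with /proc/modules; a "loaded unloadable" result means a root user can drop the hook with a plain rmmod, which is the case the thread describes.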