From: Arvid Brodin <Arvid.Brodin@xdin.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
Cyrill Gorcunov <gorcunov@openvz.org>,
David Rientjes <rientjes@google.com>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: Re: fs/proc/base.c: text md5sums; tgid vs tid; and INF vs ONE?
Date: Thu, 1 Nov 2012 20:22:07 +0000 [thread overview]
Message-ID: <5092D9EE.80009@xdin.com> (raw)
In-Reply-To: <20121030212217.GD2616@ZenIV.linux.org.uk>
On 2012-10-30 22:22, Al Viro wrote:
> On Tue, Oct 30, 2012 at 09:02:33PM +0000, Arvid Brodin wrote:
>
>> +config PROC_TEXT_MD5SUM
>> + bool "/proc/<pid>/text_md5sum support"
>> + depends on PROC_FS
>> + select CRYPTO
>> + select CRYPTO_MD5
>> + help
>> + Read /proc/<pid>/text_md5sum to get the kernel to perform an MD5
>> + checksum over the process' text segment and print the result. Can be
>> + used to make sure a process' code has not been tampered with.
>
> Sorry, but this is pointless. Any attacker capable of modifying the code
> will be just as capable of modifying pointers to functions in data segment.
> IOW, you are not making sure of anything useful.
On 2012-10-30 22:23, Cyrill Gorcunov wrote:
> I don't think this increments security by any means. start/end-code are rather
> informative fields which are set when program being started, so one can ptrace
> it, alloc new exec area, put evil code there, tuneup cs:ip and restore original
> program contents, you won't even notice that.
You are both correct of course. Actually, I was kind of sloppy when I wrote the
Kconfig help text. The following more accurately describes the intended use. Would
this make the patch more acceptable?
+config PROC_TEXT_MD5SUM
+ bool "/proc/<pid>/text_md5sum support"
+ depends on PROC_FS
+ select CRYPTO
+ select CRYPTO_MD5
+ help
+ Read /proc/<pid>/text_md5sum to get the kernel to perform an MD5
+ checksum over the process' text segment and print the result. This
+ can detect some cases where the system RAM has been disturbed by
+ e.g. EMC or cosmic radiation (on systems where ECC is not available).
+ It might also detect some accidental or malicious modifications of
+ executables, where the perpetrator has not bothered to cover up the
+ tracks.
--
Arvid Brodin | Consultant (Linux)
XDIN AB | Knarrarnäsgatan 7 | SE-164 40 Kista | Sweden | xdin.com
next prev parent reply other threads:[~2012-11-01 20:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-30 21:02 fs/proc/base.c: text md5sums; tgid vs tid; and INF vs ONE? Arvid Brodin
2012-10-30 21:22 ` Al Viro
2012-11-01 20:22 ` Arvid Brodin [this message]
2012-10-30 21:23 ` Cyrill Gorcunov
2012-10-30 22:45 ` Eric W. Biederman
2012-11-01 20:29 ` Arvid Brodin
2012-11-02 22:49 ` Arvid Brodin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5092D9EE.80009@xdin.com \
--to=arvid.brodin@xdin.com \
--cc=akpm@linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=gorcunov@openvz.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rientjes@google.com \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).