From: David Vrabel <david.vrabel@nutanix.com>
To: Ahmed Soliman <ahmedsoliman0x666@gmail.com>,
kvm@vger.kernel.org,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
riel@redhat.com, Kees Cook <keescook@chromium.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Hossam Hassan <7ossam9063@gmail.com>,
Ahmed Lotfy <A7med.lotfey@gmail.com>,
virtualization@lists.linux-foundation.org, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Design Decision for KVM based anti rootkit
Date: Tue, 19 Jun 2018 18:37:53 +0100 [thread overview]
Message-ID: <7337582f-0007-d006-0809-cf41fd93b31e@nutanix.com> (raw)
In-Reply-To: <CAAGnT3bjYPu9bordn_Dh8z+MW6p5DDLoSsZC9xg8QxQriVus9A@mail.gmail.com>
On 16/06/18 12:49, Ahmed Soliman wrote:
>
> To wrap things up, the basic design will be a method for communication
> between host and guest is guest can request certain pages to be read
> only, and then host will force them to be read-only by guest until
> next guest reboot, then it will impossible for guest OS to have them
> as RW again. The choice of which pages to be set as read only is the
> guest's. So this way mixed pages can still be mixed with R/W content
> even if holds kernel code.
It's not clear how this increases security. What threats is this
protecting again?
As an attacker, modifying the sensitive pages (kernel text?) will
require either: a) altering the existing mappings for these (to make
them read-write or user-writable for example); or b) creating aliased
mappings with suitable permissions.
If the attacker can modify page tables in this way then it can also
bypass the suggested hypervisor's read-only protection by changing the
mappings to point to a unprotected page.
David
next prev parent reply other threads:[~2018-06-19 17:38 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-16 11:49 [Qemu-devel] Design Decision for KVM based anti rootkit Ahmed Soliman
2018-06-18 14:34 ` David Hildenbrand
2018-06-18 16:35 ` Ahmed Soliman
2018-06-18 19:01 ` David Hildenbrand
2018-06-19 17:37 ` David Vrabel [this message]
2018-06-19 18:12 ` Ahmed Soliman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7337582f-0007-d006-0809-cf41fd93b31e@nutanix.com \
--to=david.vrabel@nutanix.com \
--cc=7ossam9063@gmail.com \
--cc=A7med.lotfey@gmail.com \
--cc=ahmedsoliman0x666@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kvm@vger.kernel.org \
--cc=qemu-devel@nongnu.org \
--cc=riel@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).