Date:	Thu, 1 May 2008 13:38:02 +0200
From:	Enrico Weigelt <weigelt@...ux.de>
To:	linux kernel list <linux-kernel@...r.kernel.org>
Subject: Re: A system for rebootless kernel security updates

* Jeff Arnold <jbarnold@....EDU> wrote:

Hi,

> I'm willing to undertake the project of bringing the code up to kernel 
> coding standards so that it can eventually be considered for mainline. 
> I'll plan on undertaking this project if I don't receive feedback that I 
> shouldn't do so.

Great thing :)
I'd actually like to see it in the mainline tree (I prefer vanilla kernel
instead of distro specific). 

> If people have concerns about the high-level design of the system, it 
> would be useful for me to know that information sooner rather than later.

I didn't have the time for a deeper study yet, but as you already
mentioned, there're lots of limitations which can make it harmful:
as soon as interfaces change, you're in *big* trouble. There should
be a way for finding them (automatically). Maybe extract the 
interface signatures (including structs!) to some appropriate place
next to the kernel, so they can be checked before (re)loading the
module.

Ah, of course you can't change code that's not a dynamic module :(


Even if this goes OT now - I'd really prefer more things in userland,
eg. network- or synthetic filesystems, crypt stuff, etc - so 
there would be less to update within the kernel ;-o

cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service - http://www.metux.de/
---------------------------------------------------------------------
 Please visit the OpenSource QM Taskforce:
 	http://wiki.metux.de/public/OpenSource_QM_Taskforce
 Patches / Fixes for a lot dozens of packages in dozens of versions:
	http://patches.metux.de/
---------------------------------------------------------------------
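
The check suggested in the message above (record interface signatures, structs included, and compare them before loading an update), as an added example that is not code from the post or from the system under discussion. The `conn` struct, the helper names and the use of FNV-1a as the fingerprint are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One member of an interface struct: name, offset and size. */
struct field_desc { const char *name; size_t offset, size; };
#define FIELD(type, m) { #m, offsetof(type, m), sizeof(((type *)0)->m) }
/* Hypothetical struct as the update was built against it ... */
struct conn_old { int id; unsigned long flags; void *priv; };
/* ... and as the running kernel defines it: "state" was inserted. */
struct conn_new { int id; int state; unsigned long flags; void *priv; };
static const struct field_desc old_layout[] = { FIELD(struct conn_old, id),
    FIELD(struct conn_old, flags), FIELD(struct conn_old, priv) };
static const struct field_desc new_layout[] = { FIELD(struct conn_new, id),
    FIELD(struct conn_new, state), FIELD(struct conn_new, flags),
    FIELD(struct conn_new, priv) };

/* FNV-1a, used only as a compact fingerprint, not as a security hash. */
static uint64_t fnv1a(uint64_t h, const void *p, size_t n)
{
    const unsigned char *b = p;
    while (n--) { h ^= *b++; h *= 0x100000001b3ULL; }
    return h;
}

/* Fingerprint of a struct: its name, total size and every member. */
uint64_t layout_sig(const char *name, size_t total,
                    const struct field_desc *f, size_t n)
{
    uint64_t h = fnv1a(0xcbf29ce484222325ULL, name, strlen(name) + 1);
    h = fnv1a(h, &total, sizeof total);
    for (size_t i = 0; i < n; i++) {
        h = fnv1a(h, f[i].name, strlen(f[i].name) + 1);
        h = fnv1a(h, &f[i].offset, sizeof f[i].offset);
        h = fnv1a(h, &f[i].size, sizeof f[i].size);
    }
    return h;
}

uint64_t sig_recorded(void) { return layout_sig("conn", sizeof(struct conn_old), old_layout, 3); }
uint64_t sig_running(void)  { return layout_sig("conn", sizeof(struct conn_new), new_layout, 4); }
/* 0 = layouts match, update may be loaded; -1 = refuse the update. */
int check_before_load(uint64_t recorded, uint64_t running) { return recorded == running ? 0 : -1; }

int main(void)
{
    puts(check_before_load(sig_recorded(), sig_running()) ? "refuse" : "load");
    return 0;
}
```

On a typical LP64 build the inserted `state` member fills existing padding, so `sizeof` and the offsets of the old members are unchanged; only the per-member signature catches the difference.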