Date:	Tue, 15 May 2012 21:18:25 +0900
From:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
To:	Namhyung Kim <namhyung.kim@....com>
Cc:	Cong Wang <xiyou.wangcong@...il.com>, linux-kernel@...r.kernel.org,
	Hyeoncheol Lee <cheol.lee@....com>,
	yrl.pp-manager.tt@...achi.com
Subject: Re: [QUESTION] Kprobes as a module?

Hi,

No, actually you can't make it as a module. There are
two major reasons.
 - ftrace depends on the kprobes now.
 - int3 handling routine deeply depends on
   the architecture. This includes text modifying code.

Thus, if you separate the kprobes into module, that means
you need to expose more ugly interface of self modifying
for kernel modules.

(2012/05/15 17:34), Namhyung Kim wrote:
> Hi,
> 
> On Tue, 15 May 2012 16:31:42 +0800, Cong Wang wrote:
>> On 05/15/2012 04:24 PM, Namhyung Kim wrote:
>>> Hi,
>>>
>>> Probably a dumb question :).
>>> What prevents the kprobes from being built as a module? We want to use
>>> the kprobes on our systems, but some guys worried about potential
>>> security problems. So it'd be great if we can enable/load kprobes as
>>> needed and then disable/unload after using it. Is it a possible scenario?

BTW, I'm not sure what the potential security problems on that?
kprobes itself can be used only from kernel modules (except ftrace).
If someone compromises kernel with kernel module, he doesn't need
kprobes at all. They just can do anything they want. :)

Thank you,

-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@...achi.com