| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Jun 2008 12:04:19 -0400 From: Masami Hiramatsu <mhiramat@...hat.com> To: Takashi Nishiie <t-nishiie@...css.fujitsu.com> CC: "'Alexey Dobriyan'" <adobriyan@...il.com>, "'Mathieu Desnoyers'" <mathieu.desnoyers@...ymtl.ca>, "'Peter Zijlstra'" <peterz@...radead.org>, "'Steven Rostedt'" <rostedt@...dmis.org>, "'Frank Ch. Eigler'" <fche@...hat.com>, "'Ingo Molnar'" <mingo@...e.hu>, "'LKML'" <linux-kernel@...r.kernel.org>, "'systemtap-ml'" <systemtap@...rces.redhat.com>, "'Hideo AOKI'" <haoki@...hat.com> Subject: Re: [RFC] Tracepoint proposal Hi, Takashi Nishiie wrote: > Hi > > Hiramatsu wrote: >> One reason why we need markers or other in-the-middle-of-function >> trace point is that some events happen inside functions, not it's >> interface. > > Each kernel sub-system seems to have its own way of dealing with > debugging statements. Some of these methods include 'dprintk', > 'pr_debug', 'dev_debug', 'DEBUGP'. I think that these functions are > the tracepoints that has been availably mounted without setting up > the tool set of the outside. I think whether mounting that unites > these functions can be done if kernel marker and tracepoint are used. Sure, I think those functions covers each partially, but some requirements are different. dynamic printk - stored in a section - dynamic activation - formatted message (multiple messages for each activation group) - export basic types - variadic function - low frequently called - module support Marker - stored in a section - dynamic activation - formatted string (single format for each marker) - export basic types - variadic function - low-high frequently called - module support Tracepoint - stored in a section - dynamic activation - no message - export kernel structure - arguments depending on points - high frequently called - no module support (kernel use only) > By the way, isn't there problem on security? > What kprobe, jprobe, and kernel marker, etc. offer looks like what > the framework of Linux Security Module had offered before. Gotten > kprobe, jprobe, and kernel marker, etc. should not be exported to the > userland for security because it becomes the hotbed of rootkits. Users > such as kprobe, jprobe, and kernel marker should not be Loadable Kernel > Module. I think that there are some solutions in LTTng about this > security problem. However, will the environment to be able to operate > SystemTap be really secure? > At least, kernel commandline option to invalidate all of kprobe, > jprobe, and kernel marker, etc. because of the batch might be > necessary. Please, set CONFIG_MODULES=no. If your system really really needs to be hardened, please don't make kernel module loadable. Otherwise, any kernel module can modify any kernel code. So, I think it's not a problem of any specific functionality. Anyway, I think selinux will give you more flexible way to restrict who can load what modules. Thank you, -- Masami Hiramatsu Software Engineer Hitachi Computer Products (America) Inc. Software Solutions Division e-mail: mhiramat@...hat.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists