| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080905204830.GB18288@one.firstfloor.org> Date: Fri, 5 Sep 2008 22:48:30 +0200 From: Andi Kleen <andi@...stfloor.org> To: pageexec@...email.hu Cc: Ingo Molnar <mingo@...e.hu>, Andi Kleen <andi@...stfloor.org>, Benjamin Herrenschmidt <benh@...nel.crashing.org>, Arjan van de Ven <arjan@...radead.org>, linux-kernel@...r.kernel.org, tglx@...x.de, hpa@...or.com Subject: Re: [patch] Add basic sanity checks to the syscall execution patch On Fri, Sep 05, 2008 at 09:42:48PM +0200, pageexec@...email.hu wrote: > On 5 Sep 2008 at 19:26, Andi Kleen wrote: > > > > > First such checkers already exist -- they are called root kit checkers. > > There are various around. > > Usually operate from user space. You could run them in a cron job. > > how trivial do you think it is for *kernel* code to evade *userland* > checking it? ;) otherwise agreed with rest. It depends on where the userland runs. e.g. if it's under a hypervisor and in a separate domain it should be reasonably safe. And then I don't think it is much difference between Ingo's kernel checker and a user land checker. Both can be disabled it you know about them. -Andi -- ak@...ux.intel.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists