| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080906154551.GB1774@elte.hu> Date: Sat, 6 Sep 2008 17:45:51 +0200 From: Ingo Molnar <mingo@...e.hu> To: Willy Tarreau <w@....eu> Cc: Benjamin Herrenschmidt <benh@...nel.crashing.org>, pageexec@...email.hu, Andi Kleen <andi@...stfloor.org>, Arjan van de Ven <arjan@...radead.org>, linux-kernel@...r.kernel.org, tglx@...x.de, hpa@...or.com Subject: Re: [patch] Add basic sanity checks to the syscall execution patch * Willy Tarreau <w@....eu> wrote: > Then they will simply proceed like this : > - patch /boot/vmlinuz > - sync > - crash system > > => user says "oh crap" and presses the reset button. Patched kernel boots. > Game over. Patching vmlinuz for known targetted distros is even easier > because the attacker just has to embed binary changes for the most > common distro kernels. a reboot often raises attention. But yes, in terms of end user boxes, probably not. Anyway, my points were about transparent rootkits installed on a running system without anyone noticing - obviously if the attacker can modify the kernel image and the user does not mind a reboot it's game over. Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists