lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Sun, 7 Sep 2008 14:53:31 +0200
From:	Pavel Machek <>
To:	Ingo Molnar <>
Cc:	Willy Tarreau <>,
	Benjamin Herrenschmidt <>,, Andi Kleen <>,
	Arjan van de Ven <>,,,
Subject: Re: [patch] Add basic sanity checks to the syscall execution patch

On Sat 2008-09-06 17:45:51, Ingo Molnar wrote:
> * Willy Tarreau <> wrote:
> > Then they will simply proceed like this :
> >   - patch /boot/vmlinuz
> >   - sync
> >   - crash system
> > 
> > => user says "oh crap" and presses the reset button. Patched kernel boots.
> >    Game over. Patching vmlinuz for known targetted distros is even easier
> >    because the attacker just has to embed binary changes for the most
> >    common distro kernels.
> a reboot often raises attention. But yes, in terms of end user boxes, 
> probably not. Anyway, my points were about transparent rootkits 
> installed on a running system without anyone noticing - obviously if the 
> attacker can modify the kernel image and the user does not mind a reboot 
> it's game over.

Well, install a rootkit in /boot/vmlinuz, sync, then wait for user to
reboot its system?

Even well-kept servers are rebooted from time to time.

I agree -- the only way to win is not to play this game.

(cesky, pictures)
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists