[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <628d1651002190423s4590bbc5x2eeff6792619f591@mail.gmail.com>
Date: Fri, 19 Feb 2010 20:23:53 +0800
From: wzt wzt <wzt.wzt@...il.com>
To: Alexey Dobriyan <adobriyan@...il.com>
Cc: linux-kernel@...r.kernel.org, sds@...ho.nsa.gov, jmorris@...ei.org,
eparis@...isplace.org
Subject: Re: [PATCH] LSM: add static to security_ops variable
> It's not a barrier, it's garbage. Once you know the adress security_ops
> ended up at, you simply write to it.
How to find the security_ops address if the variable is static? Would
you please make an example?
> Not that easily, but they still can.
That's why i suggest to make the variable to static, if you had wrote
a rootkit, you will find that in kernel 2.4.x, there are many many
rootkits, but in kernel 2.6.x, rootkit became fewer. Not all the
kernel driver writers can master this method to find the variable's
address.
The patch also delete the secondary_ops variable.
On Fri, Feb 19, 2010 at 8:02 PM, Alexey Dobriyan <adobriyan@...il.com> wrote:
> On Fri, Feb 19, 2010 at 1:57 PM, wzt wzt <wzt.wzt@...il.com> wrote:
>> Maybe, but The attackers will use a complicated way to find the
>> security_ops address, it's a barrier to attackers.
>
> It's not a barrier, it's garbage. Once you know the adress security_ops
> ended up at, you simply write to it.
>
>> LSM is security framework, we don't want the attackers can easily
>> to break it.
>
> LSM doesn't protect kernel from kernel.
>
>> Just like the sys_call_table variable in kernel 2.4.x(global and
>> writeable), evil drivers can extern the variable, then replace the
>> Sys_X functions.
>
> Not that easily, but they still can.
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists