| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201103042330.25079.rjw@sisk.pl> Date: Fri, 4 Mar 2011 23:30:24 +0100 From: "Rafael J. Wysocki" <rjw@...k.pl> To: Vasiliy Kulikov <segoon@...nwall.com> Cc: linux-kernel@...r.kernel.org, security@...nel.org, Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>, linux-pm@...ts.linux-foundation.org Subject: Re: [PATCH] power: disable hibernation if module loading is disabled On Friday, March 04, 2011, Vasiliy Kulikov wrote: > On Fri, Mar 04, 2011 at 22:21 +0100, Rafael J. Wysocki wrote: > > On Friday, March 04, 2011, Vasiliy Kulikov wrote: > > > If modules_disabled is set to 1, then nobody, even full root may not write > > > to the kernel, right? So, if something permits to indirectly pass > > > modules_disabled restriction, this is a bug. Otherwise, > > > modules_disabled is confusing as it gives false sense of security. > > > > > > -OR- > > > > > > modules_disabled's documentation should be changed to note that it > > > doesn't prevent rootkit uploading, but only forbids modprob'ing modules > > > via the "official" init_module(2) gate, disallowing e.g. module autoloading. > > > > Why not to change that documentation, then? > > Because it's better to fix something (if it is possible, of course) than > simply documenting the bug. modules_disabled surely is not the right interface to disable hibernation and I don't really think there's a bug because it doesn't work as you'd like it to. In fact, there would be a bug if it did work that way. > > Also, please note that in order to "write" into memory using the hibernation > > interface you need to have write access to swap, > > No, you may just "write the kernel" via write() /dev/snapshot, this is > the way uswsusp works. I didn't check whether it really needs > temporary file to change the kernel memory or it may be done entirely > without disk iteraction. This is irrelevant to modules_disabled policy > violation, though. Sorry, but who defined the "modules_disabled policy" and when did that happen and how come that I'm not aware of it? > > which you can use to corrupt > > memory regardless of the modules_disabled setting AFAICS. > > Please correct me if I'm wrong, but kernel memory is not swappable at > all and only userspace memory is written to the swap. Root with > CAP_SYS_ADMIN already may do everything with all processes, so this is > not a threat. OK > If one may change kernel memory via swap then it is another problem with > modules_disabled. If you want an interface to disable _any_ kind of writes into the kernel memory by any means, then please add it and don't call it modules_disabled, because it's a hell of a confusing name and no amount of documentation can help that. Thanks, Rafael -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists