lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8762bwew79.fsf@sejong.aot.lge.com>
Date:	Wed, 16 May 2012 10:44:26 +0900
From:	Namhyung Kim <namhyung.kim@....com>
To:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Cc:	Cong Wang <xiyou.wangcong@...il.com>, linux-kernel@...r.kernel.org,
	Hyeoncheol Lee <cheol.lee@....com>,
	yrl.pp-manager.tt@...achi.com
Subject: Re: [QUESTION] Kprobes as a module?

Hi,

On Tue, 15 May 2012 21:18:25 +0900, Masami Hiramatsu wrote:
> No, actually you can't make it as a module. There are
> two major reasons.
>  - ftrace depends on the kprobes now.
>  - int3 handling routine is deeply depends on
>    the architecture. This includes text modifying code.
>
> Thus, if you separate the kprobes into module, that means
> you need to expose more ugly interface of self modifying
> for kernel modules.
>

I see.


> (2012/05/15 17:34), Namhyung Kim wrote:
>> Hi,
>> 
>> On Tue, 15 May 2012 16:31:42 +0800, Cong Wang wrote:
>>> On 05/15/2012 04:24 PM, Namhyung Kim wrote:
>>>> Hi,
>>>>
>>>> Probably a dumb question :).
>>>> What prevents the kprobes from being built as a module? We want to use
>>>> the kprobes on our systems, but some guys worried about potential
>>>> security problems. So it'd be great if we can enable/load kprobes as
>>>> needed and then disable/unload after using it. Is it a possible senario?
>
> BTW, I'm not sure what the potential security problems on that?
> kprobes itself can be used only from kernel modules(except ftrace).
> If someone compromises kernel with kernel module, he doesn't need
> kprobes at all. They just can do anything they want. :)
>

Nevermind, it seems they just worried about what they don't know
exactly. Anyway, thanks for your answer.

Namhyung
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ