lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 May 2012 10:44:26 +0900 From: Namhyung Kim <namhyung.kim@....com> To: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> Cc: Cong Wang <xiyou.wangcong@...il.com>, linux-kernel@...r.kernel.org, Hyeoncheol Lee <cheol.lee@....com>, yrl.pp-manager.tt@...achi.com Subject: Re: [QUESTION] Kprobes as a module? Hi, On Tue, 15 May 2012 21:18:25 +0900, Masami Hiramatsu wrote: > No, actually you can't make it as a module. There are > two major reasons. > - ftrace depends on the kprobes now. > - int3 handling routine is deeply depends on > the architecture. This includes text modifying code. > > Thus, if you separate the kprobes into module, that means > you need to expose more ugly interface of self modifying > for kernel modules. > I see. > (2012/05/15 17:34), Namhyung Kim wrote: >> Hi, >> >> On Tue, 15 May 2012 16:31:42 +0800, Cong Wang wrote: >>> On 05/15/2012 04:24 PM, Namhyung Kim wrote: >>>> Hi, >>>> >>>> Probably a dumb question :). >>>> What prevents the kprobes from being built as a module? We want to use >>>> the kprobes on our systems, but some guys worried about potential >>>> security problems. So it'd be great if we can enable/load kprobes as >>>> needed and then disable/unload after using it. Is it a possible senario? > > BTW, I'm not sure what the potential security problems on that? > kprobes itself can be used only from kernel modules(except ftrace). > If someone compromises kernel with kernel module, he doesn't need > kprobes at all. They just can do anything they want. :) > Nevermind, it seems they just worried about what they don't know exactly. Anyway, thanks for your answer. Namhyung -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists