| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <871umkew15.fsf@sejong.aot.lge.com> Date: Wed, 16 May 2012 10:48:06 +0900 From: Namhyung Kim <namhyung.kim@....com> To: valdis.kletnieks@...edu Cc: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, linux-kernel@...r.kernel.org, Hyeoncheol Lee <cheol.lee@....com> Subject: Re: [QUESTION] Kprobes as a module? Hi, On Tue, 15 May 2012 15:52:15 -0400, valdis kletnieks wrote: > On Tue, 15 May 2012 17:24:11 +0900, Namhyung Kim said: >> Probably a dumb question :). >> What prevents the kprobes from being built as a module? We want to use >> the kprobes on our systems, but some guys worried about potential >> security problems. So it'd be great if we can enable/load kprobes as >> needed and then disable/unload after using it. Is it a possible senario? > > Any troublemaker who has the ability to set a kprobe would probably also > have theability to just re-load the module before setting the kprobe (unless > you go to a *lot* of trouble to compartmentalize the root user). > > So it's not clear there's a security benefit from making it a module. If anything, > it makes it *worse* because you can then surprise a sysadmin who *thought* > they were running a KPROBES=n kernel by loading a module and turning it on... Right, thanks for your comment. Namhyung -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists