lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALLzPKZ5UJFRvEYL4C=XAExqnsvvv5zudD6tj_vOYs5ix1DbGQ@mail.gmail.com>
Date:	Fri, 8 Feb 2013 10:30:43 +0200
From:	"Kasatkin, Dmitry" <dmitry.kasatkin@...el.com>
To:	Peter Jones <pjones@...hat.com>
Cc:	linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC 1/2] export unpack_to_rootfs

On Tue, Feb 5, 2013 at 7:16 PM, Kasatkin, Dmitry
<dmitry.kasatkin@...el.com> wrote:
> On Tue, Feb 5, 2013 at 6:48 PM, Peter Jones <pjones@...hat.com> wrote:
>> On Tue, Feb 05, 2013 at 02:34:49PM +0200, Dmitry Kasatkin wrote:
>>> Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@...el.com>
>>> ---
>>>  init/do_mounts.h |    2 ++
>>>  init/initramfs.c |    2 +-
>>>  2 files changed, 3 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/init/do_mounts.h b/init/do_mounts.h
>>> index f5b978a..11829eb 100644
>>> --- a/init/do_mounts.h
>>> +++ b/init/do_mounts.h
>>> @@ -74,3 +74,5 @@ void md_run_setup(void);
>>>  static inline void md_run_setup(void) {}
>>>
>>>  #endif
>>> +
>>> +char * __init unpack_to_rootfs(char *buf, unsigned len);
>>> diff --git a/init/initramfs.c b/init/initramfs.c
>>> index 84c6bf1..e32bc06 100644
>>> --- a/init/initramfs.c
>>> +++ b/init/initramfs.c
>>> @@ -421,7 +421,7 @@ static unsigned my_inptr;   /* index of next byte to be processed in inbuf */
>>>
>>>  #include <linux/decompress/generic.h>
>>>
>>> -static char * __init unpack_to_rootfs(char *buf, unsigned len)
>>> +char * __init unpack_to_rootfs(char *buf, unsigned len)
>>>  {
>>>       int written, res;
>>>       decompress_fn decompress;
>>
>> Doing this unconditionally seems to be inviting rootkit authors to use a
>> new and shiny tool.  I also don't think it's the best way to do this,
>> but I'll comment on the other patch to explain why.
>>
>

Just wanted to point out, that there is no chance for rootkits in
anyway because of this:

1) "rootkits" can have unpacking functionality inside, but if they are so lazy
2) unpack_to_rootfs() is not EXPORT_SYMBOLed.
3) and more over, unpack_to_rootfs() is "__init" and is freed before
main initramfs or rootfs init is executed.

- Dmitry

> Sorry for re-post, but answering from mobile was in HTML and it was blocked.
> Modifying an initramfs gives the same opportunity during boot only.
> But agreed, it might be the part of the primary source code. It was
> very to do it in this way to implement and test a solution.
>
> Thanks.
>
>> --
>>         Peter
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ