LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Dave Jones <davej@redhat.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: David Howells <dhowells@redhat.com>,
	torvalds@osdl.org, akpm@osdl.org, herbert.xu@redhat.com,
	linux-kernel@vger.kernel.org, arjan@infradead.org,
	linux-crypto@vger.kernel.org
Subject: Re: [PATCH 0/6] MODSIGN: Kernel module signing
Date: Fri, 16 Feb 2007 15:21:35 -0500	[thread overview]
Message-ID: <20070216202135.GA22121@redhat.com> (raw)
In-Reply-To: <20070215221304.GB6602@ucw.cz>

On Thu, Feb 15, 2007 at 10:13:04PM +0000, Pavel Machek wrote:
 > Hi!
 > 
 > > Now, this is not a complete solution by any means: the core kernel is not
 > > protected, and nor are /dev/mem or /dev/kmem, but it denies (or at least
 > > controls) one relatively simple attack vector.
 > 
 > Could we fix the /dev/*mem holes, first? They are already used by
 > malicious modules (aka rootkits...).  Or can selinux already provide
 > /dev/*mem protection with no way for admin to turn it off?

There are some valid uses for peeking through /dev/mem. Things like
dmidecode for example.  So you don't want to disable it completely
in a lot of cases, but have fine-grained access to specific parts
of the file.  I'm not sure SELinux can do this. Maybe the MLS stuff
helps here (though I'm far from an expert on this, so I could be
talking out of my rear).

The restricted dev/mem patches we've had in Fedora for a while
do the right thing, but they're a bit crufty (in part due to
drivers/char/mem.c being a bit of a mess before we even start
patching it).  I've had "clean these up for upstream" on my
todo for a while. I might get around to it one of these days.

		Dave

-- 
http://www.codemonkey.org.uk

  reply	other threads:[~2007-02-16 20:22 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-02-14 19:09 David Howells
2007-02-14 19:09 ` [PATCH 2/6] MODSIGN: In-kernel crypto extensions David Howells
2007-02-14 19:09 ` [PATCH 3/6] MODSIGN: Add indications of module ELF types David Howells
2007-02-14 19:09 ` [PATCH 4/6] MODSIGN: Module ELF verifier David Howells
2007-02-14 19:10 ` [PATCH 5/6] MODSIGN: Module signature checker and key manager David Howells
2007-02-14 19:10 ` [PATCH 6/6] MODSIGN: Apply signature checking to modules on module load David Howells
2007-02-14 19:26 ` [PATCH 0/6] MODSIGN: Kernel module signing Linus Torvalds
2007-02-14 19:40 ` David Howells
2007-02-14 21:32   ` Michael Halcrow
2007-02-14 21:59   ` David Howells
2007-02-14 22:21     ` Michael Halcrow
2007-02-15 21:31   ` Indan Zupancic
2007-02-15  3:41 ` Andrew Morton
2007-02-15  4:13   ` Dave Jones
2007-02-15  5:35     ` Andreas Gruenbacher
2007-02-15  5:45       ` Dave Jones
2007-02-15  6:14         ` Andreas Gruenbacher
2007-02-15  6:22           ` Dave Jones
2007-02-15 20:34           ` Valdis.Kletnieks
2007-02-15 22:12             ` Andreas Gruenbacher
2007-02-16  0:15               ` Olaf Kirch
2007-02-15 22:10           ` Pavel Machek
2007-02-15 20:55     ` Valdis.Kletnieks
2007-02-15 21:32       ` Adrian Bunk
2007-02-15 22:12         ` Valdis.Kletnieks
2007-02-15 14:35 ` Roman Zippel
2007-02-15 17:32 ` David Howells
2007-02-15 18:33   ` Roman Zippel
2007-02-15 20:01     ` David Lang
2007-02-15 21:01       ` Roman Zippel
2007-02-15 21:03 ` Adrian Bunk
2007-02-15 22:13 ` Pavel Machek
2007-02-16 20:21   ` Dave Jones [this message]
2007-02-16 20:27     ` Arjan van de Ven
     [not found] <7OPWh-470-9@gated-at.bofh.it>
     [not found] ` <7OxPF-16i-7@gated-at.bofh.it>
     [not found]   ` <7OSKA-8A-17@gated-at.bofh.it>
     [not found]     ` <7OTGJ-1G5-23@gated-at.bofh.it>
2007-02-16 15:38       ` Bodo Eggert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070216202135.GA22121@redhat.com \
    --to=davej@redhat.com \
    --cc=akpm@osdl.org \
    --cc=arjan@infradead.org \
    --cc=dhowells@redhat.com \
    --cc=herbert.xu@redhat.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pavel@ucw.cz \
    --cc=torvalds@osdl.org \
    --subject='Re: [PATCH 0/6] MODSIGN: Kernel module signing' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).