* jmjonesat_private (jmjonesat_private) wrote:
> > > * jmjonesat_private (jmjonesat_private) wrote:
> > > On Thu, 7 Jun 2001, Chris Wright wrote:
> > >
> If you pass the whole filename to the LKM (from argv[0]) you allow
> the module to check the file directly, by md5check or any other
> method, BEFORE releasing the security_ops structure. This is a
> very "heavy" solution, but one possible.

You already control module loading. Once the module is loaded there is
_nothing_ you can do to protect yourself.

> For example, I use FLASHPATH.O on my "favored" workstation so I can
> read and write smartmedia from my camera. FLASHPATH.O has *NO* business
> with security_ops. If we make it HARD (in essence, eliminate the
> possibility of a "legal" and "illegal" module by that filename), we
> prevent "easy" cracks. FlashPath.c comes down from the WEB (even worse
> than the NET, security-wise).

Alright, then you have no business inserting flashpath.o if you can't
trust it! ;-) All the things you've suggested about databases and md5sums,
and all that are a policy an lsm module can use to determine if it should
ever _load_ the module to begin with.

> My FLASHPATH driver could easily (a few lines) replace my whole security
> structure unless we hide it somehow.

Your flashpath driver can easily screw your ENTIRE machine. It is part of
the kernel, it has all the control the kernel does. Hiding the translation
from symbol name to memory address is relatively useless!

-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Fri Jun 08 2001 - 13:19:32 PDT