On Fri, Jun 08, 2001 at 06:32:42PM -0400, jmjonesat_private wrote:
> But it DOES simplify the exploitation of a vulnerability. I've already
> "signed off" on this, but feel compelled to point out that exposing the
> security_ops structure DOES simplify any LKM's task if the code intends
> to "short circuit" security, even if only marginally.

Consider this, then. :)

The difficulty of detecting a module doing something screwy with
security_ops is linear with respect to the amount of effort the module
author put into making it obscure.

If the module author does anything with security_ops using its name,
"strings -a" will find it. So, if you want to keep out the modules that
trivially mess with security_ops, you have a trivial check available.
Any modules that happen to use security_ops can be investigated further.

Of course, for those that undertake the 'attack the memory location
without knowing the name' attacks, you are just as screwed whether or
not security_ops is exported, and no quick grep/strings will make it go
away. :)

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
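Added example, not part of the original message: a shell sketch of the "trivial check" the reply describes, listing module object files whose printable strings contain the name security_ops so they can be investigated further. The function names, the `*.o`/`*.ko` file patterns and the directory argument are assumptions; as the message says, a module that never uses the name is not caught by this.

```shell
#!/bin/sh
# Added example (assumed names): flag module object files that mention a
# symbol name, using the "strings -a" check described in the message.

# Print the printable strings of a file, scanning the whole file.
extract_strings() {
    if command -v strings >/dev/null 2>&1; then
        strings -a "$1"
    else
        # Fallback when binutils is not installed: split on non-printable bytes.
        LC_ALL=C tr -c '[:print:]' '\n' < "$1"
    fi
}

# scan_modules DIR [SYMBOL]
# Lists every *.o / *.ko file under DIR whose strings contain SYMBOL.
# A fixed-string substring match is used on purpose, so decorated forms of
# the name are flagged too; every hit is a candidate for manual review,
# not proof of tampering.
scan_modules() {
    dir=$1
    sym=${2:-security_ops}
    find "$dir" -type f \( -name '*.o' -o -name '*.ko' \) | sort |
    while IFS= read -r mod; do
        if extract_strings "$mod" | grep -q -F -- "$sym"; then
            printf '%s\n' "$mod"
        fi
    done
}

# Stand-alone use: ./scan.sh /path/to/modules [symbol]
if [ "$#" -gt 0 ]; then
    scan_modules "$@"
fi
```

An empty result only rules out modules that refer to the structure by name.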
This archive was generated by hypermail 2b30 : Fri Jun 08 2001 - 16:19:22 PDT