Re: Binary only module overview

From: Chris Wright (chrisat_private)
Date: Mon Sep 24 2001 - 18:40:30 PDT


    * richard offer (offerat_private) wrote:
    > 
    > 
    > * frm chrisat_private "09/24/01 16:23:06 -0700" | sed '1,$s/^/* /'
    > *
    > * OK, the above is exactly why i think kernel developers are concerned
    > * about the combination of LSM and proprietary binary only modules.
    > * LSM _does_ require significant change to the Linux kernel.  So now you
    > * have a module that is based on major change to kernel.  In addition these
    > * changes make it possible to easily fundamentally change the behavior of
    > * the linux kernel with a binary only proprietary module (this is precisely
    > * why there is no interface to change the syscall table).
    > 
    > So you're saying that with the current state of Linux, that there is no way
    > that I can write a (non security) loadable module that changes the
    > behaviour of the existing kernel ?
    > 
    > What's technically to stop me writing a device driver that replaces the
    > existing capable() code with my own implementation ? Likewise with
    > intercepting and replacing system calls ?
    
    #include <IANAL.h>
    nevermind the static inline nature of capable ;-)  what i'm relaying is
    what i've read during the many flamewars regarding binary only linux
    modules.  specifically, with the syscall table, i was referring to
    _adding_ syscalls, sorry for not being more specific.
    
    for some recent readings...  see this lwn article:
    http://lwn.net/2001/0524/ "The boundaries of the GPL"
    and this one:
    http://lwn.net/2001/0614/kernel.php3 "A new networking patch pushes the
    limits of what modules can do"
    
    -chris
    
    



    This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 18:42:34 PDT