Re: RFC: sys_execve security kernel mod

From: Greg KH (gregat_private)
Date: Thu Jun 20 2002 - 22:10:46 PDT

    On Thu, Jun 20, 2002 at 07:10:06PM -0700, J. Paul Reed wrote:
    > On Thu, 20 Jun 2002, Greg KH wrote:
    > 
    > > Sounds like the same idea as CryptoMark:
    > > 	http://www.immunix.org/cryptomark.html
    > > But it uses GPG keys to sign binaries.
    > 
    > I'll take a look...
    > 
    > > It is a nice idea.  Be careful of replacing syscalls, it's non-portable
    > > and extremely racy.  I'd recommend using the LSM interface for your
    > > execve() hook, which removes all of those problems.
    > 
    > We took extreme care to make sure that it *was* portable; how is replacing
    > the system call, in the manner we've implemented it, non-portable (please
    > excuse my obvious kernel-ignorance :-)
    
    I take it back, you aren't replacing the sys_execve system call, you are
    using the loader table, which is the proper way to do something like
    this.  Very nice job.  You do try to disable the load_module() and
    friends syscalls, which I would just drop if I were you.  They provide
    no real security at all.  And your replacement of them is racy.  See:
    	http://www.kernelnewbies.org/faq/index.php3#intercept
    for an explanation of why replacing the syscall table entry is bad (and
    specifically, why replacing sys_execve() is so tough :)
    
    And I like what you are doing with the inode caching.  That solves the
    major problem that I had when developing CryptoMark, namely the speed
    hit.  Your cache, at first glance, seems like the proper way to not have
    to constantly check the file for every time it is executed.  But I'm not
    so sure that mtime could not be faked, so you might look into how secure
    this really is.
    
    I hope you two got a good grade for this, it's a nice piece of work for
    a tough problem.
    
    greg k-h
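
Added example, not part of the original message or of the module under discussion: a userspace model of the verification cache's validity check, showing the mtime concern raised above. The `vkey` struct and function names are hypothetical; the assumption is a cache keyed on inode identity plus mtime, compared against a stricter key that also includes size and ctime.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical cache entry: inode state recorded when the signature last verified. */
struct vkey { dev_t dev; ino_t ino; off_t size; struct timespec mtime, ctime; };

static void snap(int fd, struct vkey *k) {
    struct stat st;
    if (fstat(fd, &st) != 0) { perror("fstat"); exit(1); }
    k->dev = st.st_dev; k->ino = st.st_ino; k->size = st.st_size;
    k->mtime = st.st_mtim; k->ctime = st.st_ctim;
}

static int ts_eq(struct timespec a, struct timespec b) {
    return a.tv_sec == b.tv_sec && a.tv_nsec == b.tv_nsec;
}

/* Check as discussed in the thread: inode identity plus mtime. */
static int hit_mtime_only(const struct vkey *a, const struct vkey *b) {
    return a->dev == b->dev && a->ino == b->ino && ts_eq(a->mtime, b->mtime);
}

/* Stricter check: also size and ctime, which futimens()/utimensat() cannot set. */
static int hit_strict(const struct vkey *a, const struct vkey *b) {
    return hit_mtime_only(a, b) && a->size == b->size && ts_eq(a->ctime, b->ctime);
}

/* Returns bit 0 = mtime-only check still hits, bit 1 = strict check still hits. */
static int demo(void) {
    char path[] = "/tmp/vcacheXXXXXX";            /* constructed scratch file */
    struct vkey before, after;
    struct timespec nap = { 1, 100000000 };       /* outlast coarse timestamp ticks */
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, "AAAA", 4) != 4) { perror("setup"); exit(1); }
    snap(fd, &before);                            /* "signature verified" here */
    nanosleep(&nap, NULL);
    if (pwrite(fd, "BBBB", 4, 0) != 4) { perror("pwrite"); exit(1); }
    struct timespec t[2] = { { 0, UTIME_OMIT }, before.mtime };
    if (futimens(fd, t) != 0) { perror("futimens"); exit(1); }
    snap(fd, &after);
    close(fd); unlink(path);
    return hit_mtime_only(&before, &after) | (hit_strict(&before, &after) << 1);
}

int main(void) { printf("mtime-only|strict<<1 = %d\n", demo()); return 0; }
```

The content changes while the mtime-only key still matches; the ctime comparison is what invalidates the entry, since the kernel updates ctime on both the write and the timestamp change.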