Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries

---

• From: "Ulrich Drepper" <drepper@xxxxxxxxx>
• Date: Fri, 28 Apr 2006 08:33:32 -0700

---

On 4/25/06, Axelle Apvrille <axelle_apvrille@xxxxxxxx> wrote:

1- "does this also prevent people writing their own
elf loader in a bit of perl and just mmap the code"

I'm not sure to exactly understand what you mean:

- if you mean writing an application able to read &
'interpret' an ELF executable: again, I think DigSig
will prevent this, because when you mmap the code,
this calls (at kernel level) do_mmap which triggers an
LSM hook called file_mmap. And we implement checks in
that hook...

- if you mean modifying the ELF loader so that do_mmap
/ file_mmap aren't called, well you'll need to hack
the kernel, won't you ?

- finally, note you also have choice not to sign this
elf loader of yours. If it isn't signed, it won't ever
run ;-)

No, there no problem writing a loader. All you need is to create
anonymous mappings. Via mmap, maybe on the stack, some heaps are
still executable. Then you load the code, fix it up for the address,
and be done. The kernel cannot and will not prevent a read(2) call on
the binary. That's all that's needed. And without the SELinux
support in place you cannot prevent non-exec memory creation and even
then, some people need it (jvms, OpenGL libs, etc) to generate code on
the fly. So it's never completely ruled out. Again, look at the code
in http://people.redhat.com/drepper/selinux-mem.html.

Given you have executable anonymous memory it is a one-time small
effort to write a loader and you're done. Nothing your signature
detection code can do about it. This is snake oil.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
    • From: Serge E. Hallyn

• References:
  • Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
    • From: Nix
  • Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
    • From: Axelle Apvrille

• Prev by Date: Re: test
• Next by Date: Re: Simple header cleanups
• Previous by thread: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
• Next by thread: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries ... elf loader in a bit of perl and just mmap the code" ... if you mean modifying the ELF loader so that do_mmap ... the kernel, won't you? ... BS - you can stack another LSM to prevent that. ... (Linux-Kernel) Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug ... Subject: SuSE 7.3: Kernel 2.4.10-4GB Bug ... Jakub Jelinek: ELF loader cleanups ... Jakub Jelinek: handle more ELF loading special cases ... Vendors wishing to backport patches into their kernels may wish to start ... (Bugtraq) Re: [BROKEN PATCH] kexec for ia64 ... But all they need are the ia64 bits of the ELF loader, ... Sort of fundamentally they are arch dependent. ... was targeted for a kernel without device_shutdown, ... (Linux-Kernel) Re: [BROKEN PATCH] kexec for ia64 ... But all they need are the ia64 bits of the ELF loader, ... > was targeted for a kernel without device_shutdown, ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)