Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]
- From: Alexander Wuerstlein <snalwuer@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 21 Jun 2007 19:46:13 +0200
On 070621 19:33, Arjan van de Ven <arjan@xxxxxxxxxxxxx> wrote:
On Thu, 2007-06-21 at 19:25 +0200, Alexander Wuerstlein wrote:
On 070621 19:21, Arjan van de Ven <arjan@xxxxxxxxxxxxx> wrote:
On Thu, 2007-06-21 at 18:02 +0200, Alexander Wuerstlein wrote:
Modified task_struct to hold a 'signed flag' which is set on exec(), inherited
on fork() and checked during exec before giving the new process suid/sgid
privileges.
do you also check the signature of glibc and every other shared library
that the app uses (or dlopens)? if not.. the entire exercise is rather
pointless...
We do check that, that is patch [3/4].
Of course we can only check mmap-ed files, if there is no file like with JIT
compilers we are out of luck.
or if the process uses read() not mmap().
If a process uses read() it needs some executable and writable memory. We do
check for this in mprotect(). There is a problem with the i386-architecture,
because it allows execution of any readable page (except with newer
processors). But beyond that ugliness of i386, it should not be possible to
execute anything without us noticing it (hopefully).
Scripting languages are of course problematic. In the suid-case you could just
call anyone insane who wants to use a suid-shellscript. But in other cases one
might want signed binaries for, we do have a problem. With java or shell one
would need an interpreter/vm which is signed and reasonably trustworthy itself
and checks the signature of the shellscript or classfile it executes. The
(probably not all too complicated) writing of such an interpreter is left as an
exercise to the reader ;)
Ciao,
Alexander Wuerstlein.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]
- From: Jan Engelhardt
- Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]
- From: Arjan van de Ven
- Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]
- References:
- [PATCH] Check files' signatures before doing suid/sgid [2/4]
- From: Alexander Wuerstlein
- Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]
- From: Arjan van de Ven
- Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]
- From: Alexander Wuerstlein
- Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]
- From: Arjan van de Ven
- [PATCH] Check files' signatures before doing suid/sgid [2/4]
- Prev by Date: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
- Next by Date: Re: Adding subroot information to /proc/mounts, or obtaining that through other means
- Previous by thread: Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]
- Next by thread: Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]
- Index(es):
Relevant Pages
|
Loading
