Re: [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries
From: Chris Wright
Date: Thu Sep 09 2004 - 12:57:11 EST
* Serge E. Hallyn (serue@xxxxxxxxxx) wrote:
> > > - support to avoid vulnerability for rewrite of shared
> > > libraries
> >
> > Could you elaborate on this one?
>
> When a file is being executed, deny_write_access(file) is called to
> prevent writing until execution completes. Because deny_write_access
> is not exported from fs/namei.c, we emulate this behavior for shared
> libraries.
Hmm, ok, so you're relying on the loader to do PROT_EXEC mmaps for
shared libraries? Probably not required at least on x86. Also, does
this work when executing loader directly (/lib/ld.so /bin/ps), and with
dlopen?
> > > Future works
> > > =============
> > >
> > > - improving the caching and revocation: it is currently tested
> > > and will be sent out soon after stability testing
> >
> > Should be helpful enough to cache result until thing's opened for
> > writing, or is that what you're doing now?
>
> Exactly. When the file is opened for writing (which as much as possible
> requires the file to not be executed), we uncache the signature
> validation.
>
> (The new patch hashes revocations (they were on a linked list), and
> steals the seqlock-based structure Rik van Riel had suggested for
> the selinux avc cache for use in the signature revocation cache. There
> is no change in functionality, only (hopefully) performance improvements.)
Ok, I see. Makes sense.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/