Re: [PATCH 1/2] module: add syscall to load module from fd
From: Kees Cook
Date: Fri Sep 07 2012 - 13:19:43 EST
On Fri, Sep 7, 2012 at 10:12 AM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> On Fri, 2012-09-07 at 09:45 +0930, Rusty Russell wrote:
>> Kees Cook <keescook@xxxxxxxxxxxx> writes:
>> > Instead of (or in addition to) kernel module signing, being able to reason
>> > about the origin of a kernel module would be valuable in situations
>> > where an OS already trusts a specific file system, file, etc, due to
>> > things like security labels or an existing root of trust to a partition
>> > through things like dm-verity.
>> >
>> > This introduces a new syscall (currently only on x86), similar to
>> > init_module, that has only two arguments. The first argument is used as
>> > a file descriptor to the module and the second argument is a pointer to
>> > the NULL terminated string of module arguments.
>>
>> Thanks. Minor comments follow:
>
> Rusty, sorry for bringing this up again, but with Kees' new syscall,
> which passes in the file descriptor, appraising the integrity of kernel
> modules could be like appraising the integrity of any other file on the
> filesystem. All that would be needed is a new security hook, which is
> needed in anycase for IMA measurement.
The second patch in this series provides such a hook.
> [...]
> This method is a consistent and extensible approach to verifying the
> integrity of file data/metadata, including kernel modules. The only
> downside to this approach, I think, is that it requires changes to the
> userspace tool.
I'm fine with this -- it's an expected change that I'll pursue with
glibc, kmod, etc. Without the userspace changes, nothing will use the
new syscall. :) I've already got kmod (and older module-init-tools)
patched to do this locally.
-Kees
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/