RCU and Unloadable Modules
Posted Jan 26, 2007 21:47 UTC (Fri) by ortalo
In reply to: RCU and Unloadable Modules
Parent article: RCU and Unloadable Modules
IIRC I posted the comment erroneously (I wanted to post it on the previous article: "KHB: Recovering Device Drivers: From Sandboxing to Surviving").
Anyway, my idea was that regular device drivers modules are usually associated with hardware management and loaded according to some hardware-related event (possibly kernel-controlled in the first place). So you can build something where such kernel code could be trusted, even if loaded dynamically.
However, with a security orientation, one usually try to refrain from using admnistrator-loadable modules in order to avoid that a successful attack enables the attacker to install kernel level backdoors (nearly impossible to detect).
to post comments)