Re: [patch] Add basic sanity checks to the syscall execution patch [LWN.net]

From:		Pavel Machek <pavel-AT-suse.cz>
To:		Ingo Molnar <mingo-AT-elte.hu>
Subject:		Re: [patch] Add basic sanity checks to the syscall execution patch
Date:		Sun, 7 Sep 2008 14:53:31 +0200
Message-ID:		<20080907125331.GA1707@elf.ucw.cz>
Cc:		Willy Tarreau <w-AT-1wt.eu>, Benjamin Herrenschmidt <benh-AT-kernel.crashing.org>, pageexec-AT-freemail.hu, Andi Kleen <andi-AT-firstfloor.org>, Arjan van de Ven <arjan-AT-infradead.org>, linux-kernel-AT-vger.kernel.org, tglx-AT-tglx.de, hpa-AT-zytor.com
Archive-link:		Article, Thread

On Sat 2008-09-06 17:45:51, Ingo Molnar wrote:
> 
> * Willy Tarreau <w@1wt.eu> wrote:
> 
> > Then they will simply proceed like this :
> >   - patch /boot/vmlinuz
> >   - sync
> >   - crash system
> > 
> > => user says "oh crap" and presses the reset button. Patched kernel boots.
> >    Game over. Patching vmlinuz for known targetted distros is even easier
> >    because the attacker just has to embed binary changes for the most
> >    common distro kernels.
> 
> a reboot often raises attention. But yes, in terms of end user boxes, 
> probably not. Anyway, my points were about transparent rootkits 
> installed on a running system without anyone noticing - obviously if the 
> attacker can modify the kernel image and the user does not mind a reboot 
> it's game over.

Well, install a rootkit in /boot/vmlinuz, sync, then wait for user to
reboot its system?

Even well-kept servers are rebooted from time to time.

I agree -- the only way to win is not to play this game.

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo...

(Log in to post comments)