LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [patch] Add basic sanity checks to the syscall execution patch

[Posted September 10, 2008 by jake]

From:  Pavel Machek <pavel-AT-suse.cz>
To:  Ingo Molnar <mingo-AT-elte.hu>
Subject:  Re: [patch] Add basic sanity checks to the syscall execution patch
Date:  Sun, 7 Sep 2008 14:53:31 +0200
Message-ID:  <20080907125331.GA1707@elf.ucw.cz>
Cc:  Willy Tarreau <w-AT-1wt.eu>, Benjamin Herrenschmidt <benh-AT-kernel.crashing.org>, pageexec-AT-freemail.hu, Andi Kleen <andi-AT-firstfloor.org>, Arjan van de Ven <arjan-AT-infradead.org>, linux-kernel-AT-vger.kernel.org, tglx-AT-tglx.de, hpa-AT-zytor.com
Archive-link:  Article, Thread 

On Sat 2008-09-06 17:45:51, Ingo Molnar wrote:
> 
> * Willy Tarreau <w@1wt.eu> wrote:
> 
> > Then they will simply proceed like this :
> >   - patch /boot/vmlinuz
> >   - sync
> >   - crash system
> > 
> > => user says "oh crap" and presses the reset button. Patched kernel boots.
> >    Game over. Patching vmlinuz for known targetted distros is even easier
> >    because the attacker just has to embed binary changes for the most
> >    common distro kernels.
> 
> a reboot often raises attention. But yes, in terms of end user boxes, 
> probably not. Anyway, my points were about transparent rootkits 
> installed on a running system without anyone noticing - obviously if the 
> attacker can modify the kernel image and the user does not mind a reboot 
> it's game over.

Well, install a rootkit in /boot/vmlinuz, sync, then wait for user to
reboot its system?

Even well-kept servers are rebooted from time to time.

I agree -- the only way to win is not to play this game.

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo...
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds