User: Password:
Subscribe / Log in / New account


Integrity management using Intel TXT

By Jake Edge
April 1, 2009

Being able to verify that the code running on a system is the "correct" code is an important feature for some environments. The Linux integrity management architecture (IMA) patches—recently merged for 2.6.30—look at the integrity of processes as they are started by the kernel. But that requires running on a "good" kernel. So a patch, recently put out for comments on linux-kernel, proposes a lower-level mechanism which uses Intel's Trusted Execution Technology (TXT) to verify the integrity of the kernel itself.

Whereas the IMA lives completely within the Linux kernel, but uses Trusted Platform Module (TPM) hardware to check and enforce the integrity of code that is executed, the TXT-based integrity system interposes a virtual machine monitor (VMM or hypervisor) between the hardware and the kernel. This hypervisor, called Trusted Boot or tboot interacts with the TXT hardware, which is contained in various recent Intel chipsets, to verify the integrity of the kernel before launching it.

The TXT hardware can itself verify the integrity of many of the firmware components (things like BIOS and option ROMs) that must be assumed when using IMA. In their introductory post, Joseph Cihula and Shane Wang of Intel describe the advantages of a TXT-based integrity system as follows:

To get trust in the initial kernel without using Intel TXT, a static root of trust must be used. This bases trust in BIOS starting at system reset and requires measurement of all code executed between system reset through the completion of the kernel boot as well as data objects used by that code. In the case of a Linux kernel, this means all of BIOS, any option ROMs, the bootloader and the boot config. In practice, this is a lot of code/data, much of which is subject to change from boot to boot (e.g. changing NICs may change option ROMs). Without reference hashes, these measurement changes are difficult to assess or confirm as benign. This process also does not provide DMA protection, memory configuration/alias checks and locks, crash protection, or policy support.

By using the hardware-based root of trust that Intel TXT provides, many of these issues can be mitigated. Specifically: many pre-launch components can be removed from the trust chain, DMA protection is provided to all launched components, a large number of platform configuration checks are performed and values locked, protection is provided for any data in the event of an improper shutdown, and there is support for policy-based execution/verification. This provides a more stable measurement and a higher assurance of system configuration and initial state than would be otherwise possible. Since the tboot project is open source, source code for almost all parts of the trust chain is available (excepting SMM and Intel-provided firmware).

It is interesting that they mention system management mode (SMM) as that has recently been the target of some research on undetectable rootkits. The kind of malware described in the research could subvert even TXT-based integrity systems.

In a followup post, Cihula and Wang describe in some detail how TXT, tboot, and the kernel cooperate to make it all work. Tboot is loaded by the bootloader—typically grub—as the "kernel". The grub.conf file lists the Linux kernel and Intel-supplied binary-only "authenticated code module" as "modules" that get loaded as well. For those who wish it, tboot also supports launching the Xen hypervisor, instead of the Linux kernel, as the guest. Tboot then does all of the setup necessary to determine if the TXT environment is present and configured correctly, if not, it just launches the kernel as usual. But if it finds a proper TXT environment, it initiates the integrity checking and verifies the hardware environment.

At that point, user-defined policies are consulted to determine the how to verify the integrity of the kernel and initial ramdisk (initrd) and what to do if verification fails. Tboot creates a shared page of memory and populates it with some data about itself for the kernel to use. The physical address of the shared page is passed to the kernel as a boot parameter. The kernel then maps that page as part of the boot process.

The shared page is also used by the kernel to communicate its intent to move to one of the sleep states of the processor. Instead of directly sleeping, it informs tboot of all of the relevant ACPI data via the shared page and jumps into tboot via a vector listed in the page. When going into the standby (suspend to RAM or S3) sleep, additional steps are taken to ensure the memory integrity across the S3 boundary. This is done by calculating a hash value over critical memory regions (kernel code and data as well as the S3 resume code) and signing it using the TPM. The user-supplied tboot policies determine what actions to take if the RAM verification fails upon coming out of S3.

The patch itself is relatively small and comments on it nearly non-existent. While it provides a potentially interesting protection against various attack scenarios, it also adds a layer underneath the kernel. In addition, there are some binary components to tboot that may raise some eyebrows. It will be interesting to see what kind of reception it gets, once folks start looking at it.

Comments (1 posted)

Brief items

An update on the Fedora August 2008 intrusion

The Fedora project has sent out an update on last August's intrusion; there is quite a bit more information here now. "The compromise was not the result of a software vulnerability, and as we have previously stated, our investigation has revealed no such vulnerabilities. Instead, the intruder took a copy of a SSH private key which was not secured with a passphrase from a system outside the Fedora infrastructure. The intruder then used that key, which belonged to a Fedora administrator, to access Fedora systems."

Full Story (comments: 27)

Vast Spy System Loots Computers in 103 Countries (New York Times)

The New York Times broke the story of "GhostNet", a globe-spanning infiltration of computers, most of which are controlled by various governments. In investigating malware at the offices of the Dalai Lama, security researchers found a much larger operation. "Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York. [...] The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries."

Comments (7 posted)

New vulnerabilities

acroread: multiple vulnerabilities

Package(s):acroread CVE #(s):CVE-2009-0193 CVE-2009-0658 CVE-2009-0927 CVE-2009-0928 CVE-2009-1061 CVE-2009-1062
Created:March 27, 2009 Updated:April 21, 2009
Description: From the SUSE advisory: Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files.
SuSE SUSE-SR:2009:009 openswan/strongswan, clamav, gstreamer-0_10-plugins-base, gnome-panel, postgresql, acroread_ja, ghostscript-devel, xine-devel/libxine-devel, moodle, gnutls, udev 2009-04-21
SuSE SUSE-SA:2009:014 acroread 2009-03-27
Gentoo 200904-17 acroread 2009-04-18

Comments (none posted)

auth2db: SQL injection

Package(s):auth2db CVE #(s):
Created:March 30, 2009 Updated:April 1, 2009

From the Debian advisory:

It was discovered that auth2db, an IDS logger, log viewer and alert generator, is prone to an SQL injection vulnerability, when used with multibyte character encodings.

Debian DSA-1757-1 auth2db 2009-03-30

Comments (none posted)

firefox: remote code execution

Package(s):epiphany CVE #(s):CVE-2009-1169 CVE-2009-1044
Created:March 28, 2009 Updated:April 20, 2009
Description: Versions of the firefox browser through 3.0.7 suffer from two remote code execution vulnerabilities; one of them was used to win the 2009 CanSecWest Pwn2Own contest and has active exploits circulating. The 3.0.8 release closes the holes.
Gentoo 201301-01 firefox 2013-01-07
SuSE SUSE-SA:2009:023 MozillaFirefox 2009-04-20
CentOS CESA-2009:0397 firefox 2009-04-09
Mandriva MDVSA-2009:084 firefox 2009-04-01
Fedora FEDORA-2009-3161 seamonkey 2009-03-30
Fedora FEDORA-2009-3101 seamonkey 2009-03-30
Fedora FEDORA-2009-3100 devhelp 2009-03-28
Fedora FEDORA-2009-3100 pcmanx-gtk2 2009-03-28
Fedora FEDORA-2009-3100 evolution-rss 2009-03-28
Fedora FEDORA-2009-3100 blam 2009-03-28
Fedora FEDORA-2009-3100 Miro 2009-03-28
Fedora FEDORA-2009-3100 xulrunner 2009-03-28
Fedora FEDORA-2009-3100 yelp 2009-03-28
Fedora FEDORA-2009-3100 epiphany-extensions 2009-03-28
Fedora FEDORA-2009-3100 epiphany 2009-03-28
Fedora FEDORA-2009-3100 mozvoikko 2009-03-28
Fedora FEDORA-2009-3100 google-gadgets 2009-03-28
Fedora FEDORA-2009-3100 ruby-gnome2 2009-03-28
Fedora FEDORA-2009-3100 kazehakase 2009-03-28
Fedora FEDORA-2009-3100 galeon 2009-03-28
Fedora FEDORA-2009-3100 gnome-python2-extras 2009-03-28
Fedora FEDORA-2009-3100 gnome-web-photo 2009-03-28
Fedora FEDORA-2009-3100 gecko-sharp2 2009-03-28
Fedora FEDORA-2009-3100 mugshot 2009-03-28
Fedora FEDORA-2009-3100 firefox 2009-03-28
Debian DSA-1756-1 xulrunner 2009-03-29
CentOS CESA-2009:0398 seamonkey 2009-03-28
Fedora FEDORA-2009-3099 xulrunner 2009-03-28
Fedora FEDORA-2009-3099 totem 2009-03-28
Fedora FEDORA-2009-3099 mozvoikko 2009-03-28
Fedora FEDORA-2009-3099 mugshot 2009-03-28
Fedora FEDORA-2009-3099 gnome-python2-extras 2009-03-28
Fedora FEDORA-2009-3099 devhelp 2009-03-28
Fedora FEDORA-2009-3099 blam 2009-03-28
Ubuntu USN-745-1 firefox, firefox-3.0, xulrunner-1.9 2009-03-28
Slackware SSA:2009-086-01 mozilla-firefox 2009-03-28
Red Hat RHSA-2009:0398-01 seamonkey 2009-03-27
Red Hat RHSA-2009:0397-01 firefox 2009-03-27
Fedora FEDORA-2009-3099 chmsee 2009-03-28
Fedora FEDORA-2009-3099 Miro 2009-03-28
Fedora FEDORA-2009-3099 google-gadgets 2009-03-28
Fedora FEDORA-2009-3099 epiphany-extensions 2009-03-28
Fedora FEDORA-2009-3099 gnome-web-photo 2009-03-28
Fedora FEDORA-2009-3099 firefox 2009-03-28
Fedora FEDORA-2009-3099 kazehakase 2009-03-28
Fedora FEDORA-2009-3099 gtkmozembedmm 2009-03-28
Fedora FEDORA-2009-3099 yelp 2009-03-28
Fedora FEDORA-2009-3099 galeon 2009-03-28
Fedora FEDORA-2009-3099 epiphany 2009-03-28
SuSE SUSE-SA:2009:022 MozillaFirefox 2009-04-20

Comments (none posted)

java-1.6.0-sun: multiple vulnerabilities

Package(s):java-1.6.0-sun CVE #(s):CVE-2006-2426 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107
Created:March 26, 2009 Updated:November 18, 2009
Description: Java 1.6.0 has a long list of vulnerabilities. From the Red Hat alert:

CVE-2006-2426 Untrusted applet causes DoS by filling up disk space

CVE-2009-1101 OpenJDK JAX-WS service endpoint remote Denial-of-Service

CVE-2009-1093 OpenJDK remote LDAP Denial-Of-Service

CVE-2009-1094 OpenJDK LDAP client remote code execution

CVE-2009-1095 CVE-2009-1096 OpenJDK Pack200 Buffer overflow vulnerability

CVE-2009-1102 OpenJDK code generation vulnerability

CVE-2009-1097 OpenJDK PNG processing buffer overflow vulnerability

CVE-2009-1098 OpenJDK GIF processing buffer overflow vulnerability

CVE-2009-1099 OpenJDK: Type1 font processing buffer overflow vulnerability

CVE-2009-1100 OpenJDK: DoS (disk consumption) via handling of temporary font files

CVE-2009-1103 OpenJDK: Files disclosure, arbitrary code execution via "deserializing applets"

CVE-2009-1104 OpenJDK: Intended access restrictions bypass via LiveConnect

CVE-2009-1105 OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE

CVE-2009-1106 OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass)

CVE-2009-1107 OpenJDK: Signed applet remote misuse possibility

Red Hat RHSA-2009:1198-02 java-1.6.0-ibm 2009-08-06
Mandriva MDVSA-2009:162 java-1.6.0-openjdk 2009-07-28
SuSE SUSE-SA:2009:036 java-1_6_0-ibm 2009-07-02
Mandriva MDVSA-2009:137 java-1.6.0-openjdk 2009-06-20
Gentoo 200911-02 sun-jre-bin 2009-11-17
SuSE SUSE-SR:2009:011 java, realplayer, acroread, apache2-mod_security2, cyrus-sasl, wireshark, ganglia-monitor-core, ghostscript-devel, libwmf, libxine1, net-snmp, ntp, openssl 2009-06-09
SuSE SUSE-SA:2009:029 IBM 2009-05-25
Red Hat RHSA-2009:1038-01 java-1.5.0-ibm 2009-05-18
Debian DSA-1769-1 openjdk-6 2009-04-11
CentOS CESA-2009:0377 java-1.6.0-openjdk 2009-04-08
Red Hat RHSA-2009:0377-01 java-1.6.0-openjdk 2009-04-07
SuSE SUSE-SA:2009:016 Java 2009-04-03
Ubuntu USN-748-1 openjdk-6 2009-03-26
Red Hat RHSA-2009:0394-01 java-1.5.0-sun 2009-03-26
Red Hat RHSA-2009:0392-01 java-1.6.0-sun 2009-03-26

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2009-0778
Created:April 1, 2009 Updated:February 3, 2010

From the Red Hat advisory:

Memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important)

Red Hat RHSA-2010:0079-01 kernel 2010-02-02
CentOS CESA-2009:0326 kernel 2009-04-01
Red Hat RHSA-2009:0326-01 kernel 2009-04-01

Comments (none posted)

krb5: denial of service

Package(s):krb5 CVE #(s):CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847
Created:March 30, 2009 Updated:January 14, 2010

From the Mandriva advisory:

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token (CVE-2009-0845).

From the Red Hat advisory:

An input validation flaw was found in the ASN.1 (Abstract Syntax Notation One) decoder used by MIT Kerberos. A remote attacker could use this flaw to crash a network service using the MIT Kerberos library, such as kadmind or krb5kdc, by causing it to dereference or free an uninitialized pointer. (CVE-2009-0846)

Multiple input validation flaws were found in the MIT Kerberos GSS-API library's implementation of the SPNEGO mechanism. A remote attacker could use these flaws to crash any network service utilizing the MIT Kerberos GSS-API library to authenticate users or, possibly, leak portions of the service's memory. (CVE-2009-0844, CVE-2009-0845)

Mandriva MDVSA-2010:005 krb5 2010-01-13
Mandriva MDVSA-2009:098-1 krb5 2009-12-08
Mandriva MDVSA-2009:098 krb5 2009-04-27
Debian DSA-1766-1 krb5 2009-04-09
Gentoo 200904-09 mit-krb5 2009-04-08
Ubuntu USN-755-1 krb5 2009-04-07
SuSE SUSE-SA:2009:019 krb5 2009-04-08
CentOS CESA-2009:0408 krb5 2009-04-08
CentOS CESA-2009:0409 krb5 2009-04-07
CentOS CESA-2009:0410 krb5 2009-04-07
Fedora FEDORA-2009-2852 krb5 2009-03-18
Fedora FEDORA-2009-2834 krb5 2009-03-18
rPath rPSA-2009-0058-1 krb5 2009-04-07
Red Hat RHSA-2009:0410-01 krb5 2009-04-07
Red Hat RHSA-2009:0409-01 krb5 2009-04-07
Red Hat RHSA-2009:0408-01 krb5 2009-04-07
Mandriva MDVSA-2009:082 krb5 2009-03-30

Comments (none posted)

nss-ldapd: insecure config file creation

Package(s):nss-ldapd CVE #(s):CVE-2009-1073
Created:March 31, 2009 Updated:April 1, 2009
Description: From the Debian advisory: Leigh James that discovered that nss-ldapd, an NSS module for using LDAP as a naming service, by default creates the configuration file /etc/nss-ldapd.conf world-readable which could leak the configured LDAP password if one is used for connecting to the LDAP server.
Debian DSA-1758-1 nss-ldapd 2009-03-30

Comments (none posted)

openssl: denial of service

Package(s):openssl CVE #(s):CVE-2009-0590
Created:March 31, 2009 Updated:July 27, 2011
Description: From the Ubuntu advisory: It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL.
SUSE SUSE-SU-2011:0847-1 compat-openssl097g 2011-07-27
openSUSE openSUSE-SU-2011:0845-1 compat-openssl097g 2011-07-27
CentOS CESA-2010:0163 openssl 2010-03-25
Red Hat RHSA-2010:0163-01 openssl 2010-03-25
CentOS CESA-2009:1335 openssl 2009-09-15
Red Hat RHSA-2009:1335-02 openssl 2009-09-02
SuSE SUSE-SR:2009:010 firefox apport evolution freetype2 java_1_4_2-ibm kdegraphics3 libopenssl libsoup xulrunner opensc python-crypto unbound xpdf 2009-05-12
Slackware SSA:2009-098-01 openssl 2009-04-08
Gentoo 200904-08 openssl 2009-04-07
Debian DSA-1763-1 openssl 2009-04-06
Mandriva MDVSA-2009:087 openssl 2009-04-03
rPath rPSA-2009-0057-1 m2crypto 2009-04-03
Ubuntu USN-750-1 openssl 2009-03-30

Comments (none posted)

openswan: denial of service

Package(s):openswan CVE #(s):CVE-2009-0790
Created:March 30, 2009 Updated:September 12, 2013

From the Red Hat advisory:

Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD packet to crash the pluto daemon. (CVE-2009-0790)

Mandriva MDVSA-2013:231 openswan 2013-09-12
Gentoo 200909-05 openswan 2009-09-09
SuSE SUSE-SR:2009:009 openswan/strongswan, clamav, gstreamer-0_10-plugins-base, gnome-panel, postgresql, acroread_ja, ghostscript-devel, xine-devel/libxine-devel, moodle, gnutls, udev 2009-04-21
CentOS CESA-2009:0402 openswan 2009-04-09
Debian DSA-1760-1 openswan 2009-03-30
Debian DSA-1759-1 strongswan 2009-03-30
Red Hat RHSA-2009:0402-01 openswan 2009-03-30

Comments (none posted)

systemtap: race condition

Package(s):systemtap CVE #(s):CVE-2009-0784
Created:March 26, 2009 Updated:April 2, 2009
Description: systemtap has a race condition vulnerability. From the Debian alert:

Erik Sjoelund discovered that a race condition in the stap tool shipped by Systemtap, an instrumentation system for Linux 2.6, allows local privilege escalation for members of the stapusr group.

CentOS CESA-2009:0373 systemtap 2009-03-26
Red Hat RHSA-2009:0373-01 systemtap 2009-03-26
Debian DSA-1755-1 systemtap 2009-03-25

Comments (1 posted)

Page editor: Jake Edge
Next page: Kernel development>>

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds