
Per-system-call kernel-stack offset randomization

Posted Mar 31, 2020 5:44 UTC (Tue) by geuder (subscriber, #62854)
In reply to: Per-system-call kernel-stack offset randomization by mjg59
Parent article: Per-system-call kernel-stack offset randomization

Thanks for your reply, this is indeed a very interesting use case. A strict interpretation of regulation would require us to use that at my work every day.

So you are saying developers have root on their workstation, the daemon is running on their workstation, but still the developer cannot prevent that auditing record from being written to the correct, persistent and unmodifiable log for every usage of the credentials?

In practice we would need to solve much more fundamental problems in user space than preventing root from getting kernel stack addresses, to prevent them from copying and modifying the daemon, or from having the audit records written to a wrong location where an auditor will not find them. Do you have a pointer to the overall design of such a system?

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds