[lug] newbie question - rc.sysinit

D. Stimits stimits at idcomm.com
Fri Jul 13 18:03:32 MDT 2001


Chris Riddoch wrote:
> 
> <snip>
> 
> Having followed this, and a couple other threads for a while, the idea
> of having signatures on kernel modules sounds almost feasible, except
> for a couple problems...
> 
> Someone with root access can look at any area of memory or the hard
> drive.  The private key has to be kept somewhere... and the
> passphrase, too, if you expect modules to be able to autoload without
> the administrator sitting in front of the keyboard.

Part of this is the art of steganography... hiding data within data. A
naive implementation might put the means to sign or verify signature in
an easily altered location. It should also be possible to force required
memory locations to be read only, enforced by CPU hardware. And the
kernel image itself should be protected by such a scheme, in case of
reboot.

> 
> Seems that the best way to really be secure about this would be to
> build a kernel *without* module support.  Is anybody quite sure that
> this would completely remove the ability to add modules?

You can, but some features are only available in modules. Then you still
have the problem of the kernel image itself being replaced, and
re-running lilo. This is one place where BIOS virus options can be used
to stop remote writes of boot sectors, but not of the image itself (it
is possible to force a replacement kernel to be put at the original
inode location, avoiding the problems of boot sector protection).

But a real win is not to cripple your machine, but to have it fully
available while still being problematic for script kiddies to crack.
There are not very many real experts that go around doing these things;
often it is someone with little knowledge and a script, or with just
moderate knowledge, capable of altering things in existing scripts. Once
you use steganography, the attacker will be seriously challenged.


> 
> Even then, I suppose, the infinitely-capable adversary could
> binary-patch the kernel's area of memory while it's running. Heh.

Yup. You could take steps to avoid that vulnerability though. Hiding the
data is one means, though there are others.

D. Stimits, stimits at idcomm.com

> 
> --
> Chris Riddoch         |  epistemological
> socket at peakpeak.com   |  humility
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
