Re: down to the core
On 29 Jul 2004, Arnt Karlsen wrote:
> On Wed, 28 Jul 2004 09:28:55 -0700 (PDT), Mike wrote in message
>> --- Arnt Karlsen <firstname.lastname@example.org> wrote:
>>> On Wed, 28 Jul 2004 13:10:46 +1000, Daniel wrote in message
>>>> One thing which will *not* enhance security, but is often claimed
>>>> to do so, is disabling kernel modules. Even if you don't use
>>>> them, an attacker with root privileges can still insert code into
>>>> the running kernel successfully, with the same result as loading a
>>>> kernel module.
>>> ..this would requires the presence of the loadable module,
>>> or _could_ the attacker provide it?
>> You need root todo module loading. With root you can also change
>> kernel memory, so yes you could force a module to load. It would be
>> simpler just to add the missing code you need to the running kernel
>> and then link it in. None the less if you have root access the only
>> reason you might need to load any kernel side code is for DMA or
>> handeling HW interupts. Since it's unlikely that an attacker would
>> need or even care to do these things the point is moot. Bottome line
>> is if an attacker gets root it's ALL over, they can install any
>> software thay might need.
> ..so basically, this boils down to whether or not it is
> possible to grab root with some kinda netcat stunt.
It boils down to this:
1. Linking a kernel module can be done in userspace.
2. Root can write to kernel memory.
Thus, root can install a kernel module without the kernel module loader,
if that is desired.
Not as easy, of course, but still possible.
I used to be the first kid on the block wanting a cranial implant,
now I want to be the first with a cranial firewall.
-- Charlie Stross