Dailydave mailing list archives
Re: VPC
From: don bailey <don.bailey () gmail com>
Date: Mon, 03 Mar 2008 09:53:13 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
2) On slides #54 you write: "The idea of putting the entire kernel as read-only seems good". Let me just point out that there is no such thing as "read-only kernel" -- kernel is a program, and as everyprogram italso needs to use and operate on *data* that change all the time and cannot be made read-only by definition. So even if you can force the kernel *code* to be read-only (which is a good idea indeed and digital signatures are useful in actually verifying this property), the kernel as a whole, is always read/write.For sure it's just about the kernel .text. Also it's a reference to PaX protections.
Lots of kernels use read-only .text pages in kernel land. The problem is that your architecture may not care. For those that are familiar with Solaris kernel hacking, you may be familiar with the hotpatch() kernel function that allows you to patch read-only segments of a running kernel. Second, digital signatures for segments of code (whether it's kernel code or an image stored on flash/etc) are really only valid when loading the code to verify its integrity. Constant monitoring of a segment of RAM for its signature is expensive. There are ways around this, of course, but the cost of implementation is great and you need specialized hardware. D http://kernelspace.us/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHzCzwyWX0NBMJYAcRAgajAJ4kUe0/j48CeF/ybzWpA8sFo3NMowCdHtzb c+DRRW3gALIjbHyqRNHrJYc= =szOw -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave