[Dailydave] VPC
don bailey
don.bailey at gmail.com
Mon Mar 3 11:53:13 EST 2008
>> 2) On slides #54 you write: "The idea of putting the entire kernel as
>> read-only seems good".
>> Let me just point out that there is no such thing
>> as "read-only kernel" -- kernel is a program, and as every program it
>> also needs to use and operate on *data* that change all the time and
>> cannot be made read-only by definition. So even if you can force the
>> kernel *code* to be read-only (which is a good idea indeed and digital
>> signatures are useful in actually verifying this property), the kernel
>> as a whole, is always read/write.
>
> For sure it's just about the kernel .text. Also it's a reference to PaX
> protections.
>
Lots of kernels use read-only .text pages in kernel land. The problem is
that your architecture may not care. For those that are familiar with
Solaris kernel hacking, you may be familiar with the hotpatch() kernel
function that allows you to patch read-only segments of a running kernel.

Second, digital signatures for segments of code (whether it's kernel
code or an image stored on flash/etc) are really only valid when loading
the code to verify its integrity. Constant monitoring of a segment of
RAM for its signature is expensive. There are ways around this, of
course, but the cost of implementation is great and you need specialized
hardware.
D
http://kernelspace.us/