Re: Emergency Unmount...
On Wed, Apr 04, 2001 at 11:55:02AM +0200, Perego Paolo wrote:
> Hi guys. In the kernel module I'm writing, I must unmount all the devices
> before calling the panic() function when an illegal root tries to rmmod my
> module. I'm dealing with security questions such as bof preventions, and I
> don't want that someone gaining root privileges ( e.g. with a compromise )
> could remove my module without entering a password in a char device.
> The password locking is already done, but I want to halt the machine if the
> password mismatched and the illegal root calls "rmmod".

Hmm, security through obscurity has never been a good idea, and it's
quite easy to work around your "protection" scheme. Once I gain root
privileges on the machine I just use /proc/kcore, /dev/mem, and
/dev/kmem to get rid of your module without even using rmmod. Besides,
passwords in a kernel, that smells like policy...

This approach has been discussed several times in the past on
linux-kernel, and the bottom line is that once a malicious user gains
root access on the system, you're toast anyway and nothing can prevent
him from trashing the system.

The best thing so far are the POSIX capabilities, in which each user
has a set of capabilities. For example, a user with CAP_SYS_MODULE has
the capability to insert and remove modules. With capabilities you can
set up your system in such a way that normal users don't have
CAP_SETUID and CAP_SETGID so they can't gain root access. See
include/linux/capability.h for more information.

> So my question is: how can I walk through the mounted block devices in order
> to unmount them fairly? I've already called sys_sync() to sync all the disks.

Have a look at the MAGIC_SYSRQ code which does exactly what you want
(alt-sysrq-u).
Erik
--
J.A.K. (Erik) Mouw, Information and Communication Theory Group, Department
of Electrical Engineering, Faculty of Information Technology and Systems,
Delft University of Technology, PO BOX 5031, 2600 GA Delft, The Netherlands
Phone: +31-15-2783635 Fax: +31-15-2781843 Email: J.A.K.Mouw@its.tudelft.nl
WWW: http://www-ict.its.tudelft.nl/~erik/
-
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/
IRC Channel: irc.openprojects.net / #kernelnewbies
Web Page: http://www.surriel.com/kernelnewbies.shtml
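
Added example, not part of the original message or of any kernel code: a small C audit helper that decodes the capability masks in /proc/<pid>/status text and reports whether a process holds the capabilities named in the reply (CAP_SYS_MODULE, CAP_SETUID, CAP_SETGID). CAP_SYS_RAWIO, which is required to open /dev/mem, is included as an addition beyond the message; the status text and the helper names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Bit numbers as defined in include/linux/capability.h. */
struct capname { int bit; const char *name; };
static const struct capname watched[] = {
    { 6, "CAP_SETGID" }, { 7, "CAP_SETUID" },
    { 16, "CAP_SYS_MODULE" }, { 17, "CAP_SYS_RAWIO" },
};

/* Constructed sample of /proc/<pid>/status lines (not from a real host). */
static const char sample_status[] =
    "Name:\tdaemon\n"
    "CapPrm:\t0000000000010080\n"
    "CapEff:\t0000000000010080\n"
    "CapBnd:\t000001ffffffffff\n";

/* Find "<field>:" at the start of a line and parse its hex mask.
 * Returns 0 on success, -1 if the field is absent or has no hex value. */
int parse_cap_mask(const char *text, const char *field, unsigned long long *out)
{
    size_t flen = strlen(field);
    for (const char *p = text; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL) {
        if (strncmp(p, field, flen) != 0 || p[flen] != ':')
            continue;
        const char *v = p + flen + 1;
        while (*v == ' ' || *v == '\t')   /* do not skip past the newline */
            v++;
        if (!isxdigit((unsigned char)*v))
            return -1;                    /* empty value: refuse to guess */
        *out = strtoull(v, NULL, 16);
        return 0;
    }
    return -1;
}

/* Print each watched capability present in mask; return how many were found. */
int count_watched(unsigned long long mask)
{
    int n = 0;
    for (size_t i = 0; i < sizeof watched / sizeof watched[0]; i++)
        if (mask & (1ULL << watched[i].bit)) { printf("  holds %s\n", watched[i].name); n++; }
    return n;
}

int main(void)
{
    unsigned long long eff;
    if (parse_cap_mask(sample_status, "CapEff", &eff) != 0) return 1;
    printf("CapEff=%#llx\n", eff);
    return count_watched(eff) ? 2 : 0;    /* non-zero exit flags a finding */
}
```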