Re: [RFC][PATCH] Randomize kernel base address on boot

From: Olivier Galibert
Date: Fri May 27 2011 - 18:02:01 EST

Next message: Valdis . Kletnieks: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 4/5] perf top: Handle kptr_restrict"
In reply to: david: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Next in thread: Valdis . Kletnieks: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 27, 2011 at 08:17:24PM +0200, Ingo Molnar wrote:
> - A root exploit will still not give away the location of the
> kernel (assuming module loading has been disabled after bootup),
> so a rootkit cannot be installed 'silently' on the system, into
> RAM only, evading most offline-storage-checking tools.
>
> With static linking this is not possible: reading the kernel image
> as root trivially exposes the kernel's location.

There's something I don't get there. If you managed to escalate your
priviledges enough that you have physical ram access, there's a
billion things you can do to find the kernel, including vector
tracing, pattern matching, looking at the page tables, etc.

What am I missing?

OG.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Valdis . Kletnieks: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 4/5] perf top: Handle kptr_restrict"
In reply to: david: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Next in thread: Valdis . Kletnieks: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]