Re: [QUESTION] Kprobes as a module?

From: valdis . kletnieks
Date: Tue May 15 2012 - 15:52:17 EST

Next message: Bjorn Helgaas: "Re: [PATCH 05/13] pci: New pci_acs_enabled()"
Previous message: Saravana Kannan: "Re: [PATCH] clk: Fix race conditions between clk_set_parent() andclk_enable()"
In reply to: Namhyung Kim: "Re: [QUESTION] Kprobes as a module?"
Next in thread: Namhyung Kim: "Re: [QUESTION] Kprobes as a module?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 15 May 2012 17:24:11 +0900, Namhyung Kim said:
> Probably a dumb question :).
> What prevents the kprobes from being built as a module? We want to use
> the kprobes on our systems, but some guys worried about potential
> security problems. So it'd be great if we can enable/load kprobes as
> needed and then disable/unload after using it. Is it a possible senario?

Any troublemaker who has the ability to set a kprobe would probably also
have theability to just re-load the module before setting the kprobe (unless
you go to a *lot* of trouble to compartmentalize the root user).

So it's not clear there's a security benefit from making it a module. If anything,
it makes it *worse* because you can then surprise a sysadmin who *thought*
they were running a KPROBES=n kernel by loading a module and turning it on...

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Bjorn Helgaas: "Re: [PATCH 05/13] pci: New pci_acs_enabled()"
Previous message: Saravana Kannan: "Re: [PATCH] clk: Fix race conditions between clk_set_parent() andclk_enable()"
In reply to: Namhyung Kim: "Re: [QUESTION] Kprobes as a module?"
Next in thread: Namhyung Kim: "Re: [QUESTION] Kprobes as a module?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]