Re: [QUESTION] Kprobes as a module?

From: Namhyung Kim
Date: Tue May 15 2012 - 21:50:01 EST

Next message: Shawn Guo: "Re: [PATCH 1/2] pinctrl: pinctrl-imx: add imx53 pinctrl driver"
Previous message: Joe Perches: "Re: [PATCH net-next 2/2] net: ipv4 and ipv6: Convertprintk(KERN_DEBUG to pr_debug"
In reply to: valdis . kletnieks: "Re: [QUESTION] Kprobes as a module?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On Tue, 15 May 2012 15:52:15 -0400, valdis kletnieks wrote:
> On Tue, 15 May 2012 17:24:11 +0900, Namhyung Kim said:
>> Probably a dumb question :).
>> What prevents the kprobes from being built as a module? We want to use
>> the kprobes on our systems, but some guys worried about potential
>> security problems. So it'd be great if we can enable/load kprobes as
>> needed and then disable/unload after using it. Is it a possible senario?
>
> Any troublemaker who has the ability to set a kprobe would probably also
> have theability to just re-load the module before setting the kprobe (unless
> you go to a *lot* of trouble to compartmentalize the root user).
>
> So it's not clear there's a security benefit from making it a module. If anything,
> it makes it *worse* because you can then surprise a sysadmin who *thought*
> they were running a KPROBES=n kernel by loading a module and turning it on...

Right, thanks for your comment.

Namhyung
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Shawn Guo: "Re: [PATCH 1/2] pinctrl: pinctrl-imx: add imx53 pinctrl driver"
Previous message: Joe Perches: "Re: [PATCH net-next 2/2] net: ipv4 and ipv6: Convertprintk(KERN_DEBUG to pr_debug"
In reply to: valdis . kletnieks: "Re: [QUESTION] Kprobes as a module?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]