Re: fs/proc/base.c: text md5sums; tgid vs tid; and INF vs ONE?

From: Arvid Brodin
Date: Thu Nov 01 2012 - 16:30:09 EST

Next message: Sam Ravnborg: "Re: [PATCH V5 1/2] kbuild: centralize .dts->.dtb rule"
Previous message: Arvid Brodin: "Re: fs/proc/base.c: text md5sums; tgid vs tid; and INF vs ONE?"
In reply to: Arvid Brodin: "Re: fs/proc/base.c: text md5sums; tgid vs tid; and INF vs ONE?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2012-10-30 22:22, Al Viro wrote:
> On Tue, Oct 30, 2012 at 09:02:33PM +0000, Arvid Brodin wrote:
>
>> +config PROC_TEXT_MD5SUM
>> + bool "/proc/<pid>/text_md5sum support"
>> + depends on PROC_FS
>> + select CRYPTO
>> + select CRYPTO_MD5
>> + help
>> + Read /proc/<pid>/text_md5sum to get the kernel to perform an MD5
>> + checksum over the process' text segment and print the result. Can be
>> + used to make sure a process' code has not been tampered with.
>
> Sorry, but this is pointless. Any attacker capable of modifying the code
> will be just as capable of modifying pointers to functions in data segment.
> IOW, you are not making sure of anything useful.

On 2012-10-30 22:23, Cyrill Gorcunov wrote:
> I don't think this increments security by any means. start/end-code are rather
> informative fields which are set when program being started, so one can ptrace
> it, alloc new exec area, put evil code there, tuneup cs:ip and restore original
> program contents, you won't even notice that.

You are both correct of course. Actually, I was kind of sloppy when I wrote the
Kconfig help text. The following more accurately describes the intended use. Would
this make the patch more acceptable?

+config PROC_TEXT_MD5SUM
+ bool "/proc/<pid>/text_md5sum support"
+ depends on PROC_FS
+ select CRYPTO
+ select CRYPTO_MD5
+ help
+ Read /proc/<pid>/text_md5sum to get the kernel to perform an MD5
+ checksum over the process' text segment and print the result. This
+ can detect some cases where the system RAM has been disturbed by
+ e.g. EMC or cosmic radiation (on systems where ECC is not available).
+ It might also detect some accidental or malicious modifications of
+ executables, where the perpetrator has not bothered to cover up the
+ tracks.

--
Arvid Brodin | Consultant (Linux)
XDIN AB | Knarrarnäsgatan 7 | SE-164 40 Kista | Sweden | xdin.com--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sam Ravnborg: "Re: [PATCH V5 1/2] kbuild: centralize .dts->.dtb rule"
Previous message: Arvid Brodin: "Re: fs/proc/base.c: text md5sums; tgid vs tid; and INF vs ONE?"
In reply to: Arvid Brodin: "Re: fs/proc/base.c: text md5sums; tgid vs tid; and INF vs ONE?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]