Subject: Re: writing secure kernel modules
To: None <xs@kittenz.org>
From: Piotr Stolc <socrtp@sedez.iq.pl>
List: tech-kern
Date: 03/22/2002 19:14:33

On Fri, Mar 22, 2002 at 04:30:43PM +0000, xs@kittenz.org wrote:
> Cool. I did something similar a while ago. I filed it as a PR at:
> http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=14282

I'll check it tomorrow, now I don't have time :(
Some time ago I also wrote a similar patch, but I didn't publish it. And I
also used sysctl to set GID :)

But now I want to implement some more or less paranoid security improvements
in a module. IMHO it is more clear and comfortable than patching the kernel.
But before I do it, I want to learn something about avoiding some common
security holes in kernel modules.
I'm also thinking about controlling its options with something similar to sysctl.
AFAIR NetBSD's sysctl has every entry compiled in statically, so is it
possible to add some entries to sysctl from a kernel module?

> Doesn't "w" misreport stale utmp entries?

Yes.

> I think both my patch and your module fail when procfs is used and also when

Yes. I don't know any people who use procfs on NetBSD, but I think patching it
is a little work for a few minutes.

> kern.proc* isn't used (eg, direct kmem accesses, yuck.)

Yes, but I didn't find any programs that look for the process table at
/dev/kmem in NetBSD.


-- 

brain defragmentation in progress