[indiana-discuss] Free (freelist) 1717987020927 pages
Dennis Clarke
blastwave at gmail.com
Tue Jul 1 14:58:11 PDT 2008

On Tue, Jul 1, 2008 at 9:40 PM, Mike Gerdts <mgerdts at gmail.com> wrote:
> On Tue, Jul 1, 2008 at 11:53 AM, Dennis Clarke <blastwave at gmail.com> wrote:
>> As a side note, and tangential to this discussion, I have long felt
>> that we need a md5hash database in the system that would prevent this
>> sort of hackery from taking place and making a change to a system
>> state via some hacked up binary. Making a change to the kernel should
>> be a strict no no .. but it is possible.
>
> Excellent idea!
>
> $ elfsign verify /kernel/kmdb/sparcv9/genunix
> elfsign: verification of /kernel/kmdb/sparcv9/genunix passed.

# ls -lap /etc/crypto/certs
total 20
drwxr-xr-x 2 root sys 512 Apr 16 17:14 ./
drwxr-xr-x 4 root sys 512 Apr 16 17:48 ../
-rw-r--r-- 1 root sys 1194 Jan 21 2005 CA
-rw-r--r-- 2 root sys 1761 Mar 12 04:12 SUNWObjectCA
-rw-r--r-- 1 root sys 1665 Jan 21 2005 SUNW_SunOS_5.10
-rw-r--r-- 1 root sys 1591 Aug 9 2007 SUNW_SunOS_5.11_Limited
# elfsign verify -v /kernel/kmdb/sparcv9/genunix
elfsign: verification of /kernel/kmdb/sparcv9/genunix passed.
format: rsa_md5_sha1.
signer: CN=SunOS 5.10, OU=Solaris Signed Execution, O=Sun Microsystems Inc.
#

I'm not sure how that works but I can only guess that it does. If I
hack up the kernel with a hex editor I don't see how GRUB (on x86)
is going to catch that and stop the boot process.

>
> $ elfdump /kernel/kmdb/sparcv9/genunix
> ...
> Section Header[19]: sh_name: .SUNW_signature
> sh_addr: 0 sh_flags: [ SHF_EXCLUDE ]
> sh_size: 0x10e sh_type: [ SHT_SUNW_SIGNATURE ]
> sh_offset: 0xd897e sh_entsize: 0
> sh_link: 0 sh_info: 0
> sh_addralign: 0x1
> ...
>
> I thought bits were around or coming to only execute those things with
> a valid signature.

could be .. I don't really know

Dennis
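
Added example, not part of the original thread and not Sun's code: a small parser that walks an ELF section header table and reports where the `.SUNW_signature` section shown in the elfdump output sits in the file. The sample image is constructed inline (headers only, with placeholder signature bytes and a placeholder `sh_type`); the function names are hypothetical.

```python
import struct

SIG_NAME = b".SUNW_signature"  # section name from the elfdump output in the thread

def find_signature_section(elf: bytes):
    """Return (sh_offset, sh_size) of .SUNW_signature, or None if absent."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF object")
    end = {1: "<", 2: ">"}[elf[5]]            # EI_DATA: 1 = little, 2 = big endian
    if elf[4] == 2:                           # ELFCLASS64
        shoff, = struct.unpack_from(end + "Q", elf, 40)
        shentsize, shnum, shstrndx = struct.unpack_from(end + "HHH", elf, 58)
        fmt = end + "IIQQQQ"
    else:                                     # ELFCLASS32
        shoff, = struct.unpack_from(end + "I", elf, 32)
        shentsize, shnum, shstrndx = struct.unpack_from(end + "HHH", elf, 46)
        fmt = end + "IIIIII"

    def shdr(i):  # first six fields: name, type, flags, addr, offset, size
        return struct.unpack_from(fmt, elf, shoff + i * shentsize)

    str_off, str_size = shdr(shstrndx)[4:6]
    strtab = elf[str_off:str_off + str_size]
    for i in range(shnum):
        name_idx, _type, _flags, _addr, off, size = shdr(i)
        if strtab[name_idx:].split(b"\0", 1)[0] == SIG_NAME:
            return off, size
    return None

def build_sample(signed: bool) -> bytes:
    """Constructed big-endian ELF64 image: headers only, not a real kernel module."""
    strtab = b"\0.shstrtab\0" + SIG_NAME + b"\0"
    sig = b"\xAA" * 0x10e if signed else b""  # placeholder bytes; size as in the elfdump
    shoff = 64 + len(strtab) + len(sig)
    def sh(name, typ, flags, off, size):
        return struct.pack(">IIQQQQIIQQ", name, typ, flags, 0, off, size, 0, 0, 1, 0)
    shdrs = [sh(0, 0, 0, 0, 0), sh(1, 3, 0, 64, len(strtab))]
    if signed:  # sh_type 1 is a placeholder; the parser matches on the name only
        shdrs.append(sh(11, 1, 0x80000000, 64 + len(strtab), len(sig)))
    ident = b"\x7fELF" + bytes([2, 2, 1]) + b"\0" * 9
    hdr = struct.pack(">HHIQQQIHHHHHH", 1, 43, 1, 0, 0, shoff, 0, 64, 0, 0, 64, len(shdrs), 1)
    return ident + hdr + strtab + sig + b"".join(shdrs)

if __name__ == "__main__":
    for signed in (True, False):
        print(signed, find_signature_section(build_sample(signed)))
```

Finding the section only shows that an object carries a signature; whether that signature is valid is what `elfsign verify` checks.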