[Ksummit-discuss] [CORE TOPIC] [TECH TOPIC] live kernel patching

Kees Cook keescook at chromium.org
Tue May 6 13:18:35 UTC 2014


On Tue, May 6, 2014 at 12:05 AM, Jiri Kosina <jkosina at suse.cz> wrote:
> On Mon, 5 May 2014, Kees Cook wrote:
>
>> I'm very interested in this, especially as it may relate to security
>> exploit mitigation work, both in the sense of being able to arbitrarily
>> patch the kernel against flaws, and to defend against attackers being
>> able to ... er ... arbitrarily patch the kernel... :)
>
> :) Well, for performing the patching, the attacker would either have to be
> able to modprobe a module (kpatch, kgraft, ksplice) or kexec to a new kernel
> (criu-based solution). In either case, the system would be owned anyway
> already, independently of any live patching mechanism.

Right -- this is the current limitation with this kind of thing. I'd
like to have both arbitrary module loading blocked and the ability
to load generated modules at a later time. I'm hoping there can be
some discussion around providing a verification process for the newly
created modules (e.g. signing the module on a separate machine that
has private key material, etc).

-Kees

-- 
Kees Cook
Chrome OS Security
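
Added example, not part of the message above and not kernel or project code: a structural check that a loading gate could run before accepting a generated patch module, assuming the modules carry the mainline kernel's appended-signature trailer (the CONFIG_MODULE_SIG format, which the message does not name). The function names and sample bytes are constructed for illustration; the code locates and bounds-checks the signature, it does not verify it cryptographically.

```c
#include <stdint.h>
#include <string.h>

#define MODSIG_MAGIC     "~Module signature appended~\n"
#define MODSIG_MAGIC_LEN (sizeof(MODSIG_MAGIC) - 1)
#define MODSIG_INFO_LEN  12  /* on-disk struct module_signature */

struct modsig_info {
    uint8_t  id_type, signer_len, key_id_len;
    uint32_t sig_len;     /* converted from big-endian */
    size_t   payload_len; /* module bytes the signature covers */
};

/* 0: well-formed trailer, -1: unsigned, -2: malformed. No crypto check here. */
int modsig_parse(const uint8_t *buf, size_t len, struct modsig_info *out)
{
    if (len < MODSIG_MAGIC_LEN ||
        memcmp(buf + len - MODSIG_MAGIC_LEN, MODSIG_MAGIC, MODSIG_MAGIC_LEN))
        return -1;
    if (len < MODSIG_MAGIC_LEN + MODSIG_INFO_LEN)
        return -2;
    len -= MODSIG_MAGIC_LEN + MODSIG_INFO_LEN;
    const uint8_t *p = buf + len;  /* p[0]=algo p[1]=hash p[5..7]=padding */
    out->id_type = p[2]; out->signer_len = p[3]; out->key_id_len = p[4];
    out->sig_len = (uint32_t)p[8] << 24 | (uint32_t)p[9] << 16 |
                   (uint32_t)p[10] << 8 | p[11];
    size_t meta = (size_t)out->signer_len + out->key_id_len;
    if (out->sig_len > len || meta > len - out->sig_len)
        return -2;             /* lengths reach past the start of the file */
    out->payload_len = len - out->sig_len - meta;
    return 0;
}

/* Constructed sample: 64 dummy module bytes, 16 dummy signature bytes, info, magic. */
size_t modsig_sample(uint8_t *dst, uint32_t claimed_sig_len)
{
    uint8_t info[MODSIG_INFO_LEN] = { 0, 0, 2 /* PKEY_ID_PKCS7 */ };
    info[10] = (uint8_t)(claimed_sig_len >> 8); info[11] = (uint8_t)claimed_sig_len;
    memset(dst, 0xAA, 80);
    memcpy(dst + 80, info, sizeof info);
    memcpy(dst + 92, MODSIG_MAGIC, MODSIG_MAGIC_LEN);
    return 92 + MODSIG_MAGIC_LEN;
}

int main(void)
{
    uint8_t buf[128]; struct modsig_info mi;
    return modsig_parse(buf, modsig_sample(buf, 16), &mi);  /* 0 = accepted */
}
```

A return of 0 only means the trailer is present and self-consistent; the decision to trust the module still depends on the kernel checking the signature against a key it trusts.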

