On Sat, Nov 20, 2010 at 04:15:51PM -0500, Kyle McMartin wrote: > On Fri, Nov 19, 2010 at 11:14:39PM +0000, Richard W.M. Jones wrote: > > Kyle, > > > > From latest Rawhide kernel.rpm: > > > > * Wed Nov 17 2010 Kyle McMartin <kyle@xxxxxxxxxx> > > - Make vmlinuz/System.map root read-write only by default. You can > > just chmod 644 them later if you (unlikely) need them without root. > > > > This completely breaks libguestfs. We need to be able to read the > > kernel image in order to boot it in qemu as a non-root user. > > > > What's the motivation for this change? > > Preventing rootkits from being able to trivially find addresses. Thank you, I found the LKML thread in the end: http://lwn.net/SubscriberLink/415603/d963e2f5078ba880/ The thing is, we really need to be able to boot a kernel in qemu as non-root, and carrying around a separately compiled or packaged kernel is in nobody's interest. I'm fairly sure this won't be the only application to break. We found it first because we are compiling and booting Rawhide in qemu virtually daily (so we tend to find any kernel or qemu problems very quickly -- it's the bain of my life). But I bet others will be needing to read those files. Also, I do think this smacks a bit of security through obscurity .. after all, the files that are being 'protected' here are being carried on a hundred or more mirror sites. It's the worst-kept secret :-) In the worst case all an attacker needs to do is to carry around a map of kernel version -> symbol address. At best if they can inject a little bit of shell code into the kernel, it's easy to search for the symbol table and from there to get to any symbol they need (some time ago I wrote some code to do exactly this[1]). Avi suggested on LKML that the kernel could be relocated to a random address at boot. Sounds like a better idea to me if that would work. Rich. [1] http://git.annexia.org/?p=virt-mem.git;a=tree;f=lib;hb=HEAD -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones New in Fedora 11: Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 70 libraries supprt'd http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
