Rawhide kernel image no longer readable

Richard W.M. Jones rjones at redhat.com
Sat Nov 20 23:01:34 UTC 2010


On Sat, Nov 20, 2010 at 04:15:51PM -0500, Kyle McMartin wrote:
> On Fri, Nov 19, 2010 at 11:14:39PM +0000, Richard W.M. Jones wrote:
> > Kyle,
> > 
> > From latest Rawhide kernel.rpm:
> > 
> > * Wed Nov 17 2010 Kyle McMartin <kyle at redhat.com>
> > - Make vmlinuz/System.map root read-write only by default. You can
> >   just chmod 644 them later if you (unlikely) need them without root.
> > 
> > This completely breaks libguestfs.  We need to be able to read the
> > kernel image in order to boot it in qemu as a non-root user.
> > 
> > What's the motivation for this change?
> 
> Preventing rootkits from being able to trivially find addresses.

Thank you, I found the LKML thread in the end:

http://lwn.net/SubscriberLink/415603/d963e2f5078ba880/

The thing is, we really need to be able to boot a kernel in qemu as
non-root, and carrying around a separately compiled or packaged kernel
is in nobody's interest.

I'm fairly sure this won't be the only application to break.  We found
it first because we are compiling and booting Rawhide in qemu
virtually daily (so we tend to find any kernel or qemu problems very
quickly -- it's the bain of my life).  But I bet others will be
needing to read those files.

Also, I do think this smacks a bit of security through obscurity ..
after all, the files that are being 'protected' here are being carried
on a hundred or more mirror sites.  It's the worst-kept secret :-)

In the worst case all an attacker needs to do is to carry around a map
of kernel version -> symbol address.  At best if they can inject a
little bit of shell code into the kernel, it's easy to search for the
symbol table and from there to get to any symbol they need (some time
ago I wrote some code to do exactly this[1]).

Avi suggested on LKML that the kernel could be relocated to a random
address at boot.  Sounds like a better idea to me if that would work.

Rich.

[1] http://git.annexia.org/?p=virt-mem.git;a=tree;f=lib;hb=HEAD

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw


More information about the devel mailing list