* [QUESTION] Kprobes as a module?
From: Namhyung Kim @ 2012-05-15  8:24 UTC
To: Masami Hiramatsu; +Cc: linux-kernel, Hyeoncheol Lee

Hi,

Probably a dumb question :).
What prevents the kprobes from being built as a module? We want to use
the kprobes on our systems, but some guys worried about potential
security problems. So it'd be great if we can enable/load kprobes as
needed and then disable/unload after using it. Is it a possible scenario?

Thanks,
Namhyung

* Re: [QUESTION] Kprobes as a module?
From: Cong Wang @ 2012-05-15  8:31 UTC
To: Namhyung Kim; +Cc: Masami Hiramatsu, linux-kernel, Hyeoncheol Lee

On 05/15/2012 04:24 PM, Namhyung Kim wrote:
> Hi,
>
> Probably a dumb question :).
> What prevents the kprobes from being built as a module? We want to use
> the kprobes on our systems, but some guys worried about potential
> security problems. So it'd be great if we can enable/load kprobes as
> needed and then disable/unload after using it. Is it a possible scenario?
>

Kconfig prevents that:

config KPROBES
        bool "Kprobes"
        depends on MODULES
        depends on HAVE_KPROBES
        select KALLSYMS

so you can have either CONFIG_KPROBES=y or CONFIG_KPROBES=n, but not =m.

* Re: [QUESTION] Kprobes as a module?
From: Namhyung Kim @ 2012-05-15  8:34 UTC
To: Cong Wang; +Cc: Masami Hiramatsu, linux-kernel, Hyeoncheol Lee

Hi,

On Tue, 15 May 2012 16:31:42 +0800, Cong Wang wrote:
> On 05/15/2012 04:24 PM, Namhyung Kim wrote:
>> Hi,
>>
>> Probably a dumb question :).
>> What prevents the kprobes from being built as a module? We want to use
>> the kprobes on our systems, but some guys worried about potential
>> security problems. So it'd be great if we can enable/load kprobes as
>> needed and then disable/unload after using it. Is it a possible scenario?
>>
>
> Kconfig prevents that:
>
> config KPROBES
>         bool "Kprobes"
>         depends on MODULES
>         depends on HAVE_KPROBES
>         select KALLSYMS
>
>
> so you can have either CONFIG_KPROBES=y or CONFIG_KPROBES=n, but not =m.

Sorry for an inaccurate question, my point was "Can I change it from
'bool' to 'tristate'"?

Thanks,
Namhyung

* Re: [QUESTION] Kprobes as a module?
From: Masami Hiramatsu @ 2012-05-15 12:18 UTC
To: Namhyung Kim; +Cc: Cong Wang, linux-kernel, Hyeoncheol Lee, yrl.pp-manager.tt

Hi,

No, actually you can't make it as a module. There are
two major reasons.
 - ftrace depends on the kprobes now.
 - int3 handling routine deeply depends on
   the architecture. This includes text modifying code.

Thus, if you separate the kprobes into module, that means
you need to expose more ugly interface of self modifying
for kernel modules.

(2012/05/15 17:34), Namhyung Kim wrote:
> Hi,
>
> On Tue, 15 May 2012 16:31:42 +0800, Cong Wang wrote:
>> On 05/15/2012 04:24 PM, Namhyung Kim wrote:
>>> Hi,
>>>
>>> Probably a dumb question :).
>>> What prevents the kprobes from being built as a module? We want to use
>>> the kprobes on our systems, but some guys worried about potential
>>> security problems. So it'd be great if we can enable/load kprobes as
>>> needed and then disable/unload after using it. Is it a possible scenario?

BTW, I'm not sure what the potential security problems on that?
kprobes itself can be used only from kernel modules (except ftrace).
If someone compromises kernel with kernel module, he doesn't need
kprobes at all. They just can do anything they want. :)

Thank you,

--
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com

* Re: [QUESTION] Kprobes as a module?
From: Namhyung Kim @ 2012-05-16  1:44 UTC
To: Masami Hiramatsu
Cc: Cong Wang, linux-kernel, Hyeoncheol Lee, yrl.pp-manager.tt

Hi,

On Tue, 15 May 2012 21:18:25 +0900, Masami Hiramatsu wrote:
> No, actually you can't make it as a module. There are
> two major reasons.
>  - ftrace depends on the kprobes now.
>  - int3 handling routine deeply depends on
>    the architecture. This includes text modifying code.
>
> Thus, if you separate the kprobes into module, that means
> you need to expose more ugly interface of self modifying
> for kernel modules.
>

I see.

> (2012/05/15 17:34), Namhyung Kim wrote:
>> Hi,
>>
>> On Tue, 15 May 2012 16:31:42 +0800, Cong Wang wrote:
>>> On 05/15/2012 04:24 PM, Namhyung Kim wrote:
>>>> Hi,
>>>>
>>>> Probably a dumb question :).
>>>> What prevents the kprobes from being built as a module? We want to use
>>>> the kprobes on our systems, but some guys worried about potential
>>>> security problems. So it'd be great if we can enable/load kprobes as
>>>> needed and then disable/unload after using it. Is it a possible scenario?
>
> BTW, I'm not sure what the potential security problems on that?
> kprobes itself can be used only from kernel modules (except ftrace).
> If someone compromises kernel with kernel module, he doesn't need
> kprobes at all. They just can do anything they want. :)
>

Never mind, it seems they just worried about what they don't know
exactly. Anyway, thanks for your answer.

Namhyung

* Re: [QUESTION] Kprobes as a module?
From: valdis.kletnieks @ 2012-05-15 19:52 UTC
To: Namhyung Kim; +Cc: Masami Hiramatsu, linux-kernel, Hyeoncheol Lee

On Tue, 15 May 2012 17:24:11 +0900, Namhyung Kim said:

> Probably a dumb question :).
> What prevents the kprobes from being built as a module? We want to use
> the kprobes on our systems, but some guys worried about potential
> security problems. So it'd be great if we can enable/load kprobes as
> needed and then disable/unload after using it. Is it a possible scenario?

Any troublemaker who has the ability to set a kprobe would probably also
have the ability to just re-load the module before setting the kprobe (unless
you go to a *lot* of trouble to compartmentalize the root user).

So it's not clear there's a security benefit from making it a module. If anything,
it makes it *worse* because you can then surprise a sysadmin who *thought*
they were running a KPROBES=n kernel by loading a module and turning it on...

* Re: [QUESTION] Kprobes as a module?
From: Namhyung Kim @ 2012-05-16  1:48 UTC
To: valdis.kletnieks; +Cc: Masami Hiramatsu, linux-kernel, Hyeoncheol Lee

Hi,

On Tue, 15 May 2012 15:52:15 -0400, valdis kletnieks wrote:
> On Tue, 15 May 2012 17:24:11 +0900, Namhyung Kim said:
>> Probably a dumb question :).
>> What prevents the kprobes from being built as a module? We want to use
>> the kprobes on our systems, but some guys worried about potential
>> security problems. So it'd be great if we can enable/load kprobes as
>> needed and then disable/unload after using it. Is it a possible scenario?
>
> Any troublemaker who has the ability to set a kprobe would probably also
> have the ability to just re-load the module before setting the kprobe (unless
> you go to a *lot* of trouble to compartmentalize the root user).
>
> So it's not clear there's a security benefit from making it a module. If anything,
> it makes it *worse* because you can then surprise a sysadmin who *thought*
> they were running a KPROBES=n kernel by loading a module and turning it on...

Right, thanks for your comment.

Namhyung

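An audit check for the two points made in the replies above (KPROBES is a bool, and kprobes are registered from kernel modules or through ftrace), added here as an example that is not part of the thread. The function names and the sample config are constructed; CONFIG_KPROBE_EVENT/CONFIG_KPROBE_EVENTS and /proc/sys/kernel/modules_disabled are kernel names the thread itself does not mention.

```shell
#!/bin/sh
# Added example, not code from the thread. Reports by which paths a kprobe
# could be registered, given a kernel build config and module-loading state.

# config_value FILE SYMBOL: print y or m, or n when unset or absent.
config_value() {
    v=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${v:-n}"
}

# kprobe_paths FILE MODULES_DISABLED
#   FILE              kernel build config, e.g. /boot/config-$(uname -r)
#   MODULES_DISABLED  contents of /proc/sys/kernel/modules_disabled (0 or 1)
kprobe_paths() {
    if [ "$(config_value "$1" KPROBES)" != y ]; then
        # KPROBES is a bool: loading a module cannot add it afterwards.
        echo "kprobes=n module=closed tracing=closed"
        return 0
    fi
    module=closed
    tracing=closed
    # In-kernel users of kprobes arrive as kernel modules.
    if [ "$(config_value "$1" MODULES)" = y ] && [ "$2" = 0 ]; then
        module=open
    fi
    # Kprobe-based tracing events (the "except ftrace" case); the symbol
    # was KPROBE_EVENT in 2012-era kernels and KPROBE_EVENTS later.
    for sym in KPROBE_EVENT KPROBE_EVENTS; do
        if [ "$(config_value "$1" "$sym")" = y ]; then
            tracing=open
        fi
    done
    echo "kprobes=y module=$module tracing=$tracing"
}

# Constructed sample config (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_MODULES=y
CONFIG_KPROBES=y
# CONFIG_KPROBE_EVENTS is not set
EOF
kprobe_paths "$sample" 0   # module loading still allowed
kprobe_paths "$sample" 1   # kernel.modules_disabled=1
rm -f "$sample"
```

On a live system, pass the running kernel's config file and the current value of /proc/sys/kernel/modules_disabled as the two arguments.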