* [QUESTION] Kprobes as a module?
From: Namhyung Kim @ 2012-05-15  8:24 UTC (permalink / raw)
  To: Masami Hiramatsu; +Cc: linux-kernel, Hyeoncheol Lee

Hi,

Probably a dumb question :).
What prevents the kprobes from being built as a module? We want to use
the kprobes on our systems, but some guys worried about potential
security problems. So it'd be great if we can enable/load kprobes as
needed and then disable/unload after using it. Is it a possible scenario?

Thanks,
Namhyung


* Re: [QUESTION] Kprobes as a module?
From: Cong Wang @ 2012-05-15  8:31 UTC (permalink / raw)
  To: Namhyung Kim; +Cc: Masami Hiramatsu, linux-kernel, Hyeoncheol Lee

On 05/15/2012 04:24 PM, Namhyung Kim wrote:
> Hi,
>
> Probably a dumb question :).
> What prevents the kprobes from being built as a module? We want to use
> the kprobes on our systems, but some guys worried about potential
> security problems. So it'd be great if we can enable/load kprobes as
> needed and then disable/unload after using it. Is it a possible scenario?
>

Kconfig prevents that:

config KPROBES
         bool "Kprobes"
         depends on MODULES
         depends on HAVE_KPROBES
         select KALLSYMS


so you can have either CONFIG_KPROBES=y or CONFIG_KPROBES=n, but not =m.

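An audit check that follows from the answer above, added here as an example and not taken from any message in this thread: because `KPROBES` is a `bool` symbol, a kernel `.config` either has `CONFIG_KPROBES=y` or does not enable it at all, so the state can be read straight from the config file. The function names `kconfig_state` and `audit_kprobes` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: read a Kconfig symbol's state from a kernel .config file.
# kconfig_state and audit_kprobes are illustrative names, not kernel tooling.

# Print y, m, n or absent for symbol $1 (without CONFIG_ prefix) in file $2.
kconfig_state() {
    sym="CONFIG_$1"
    cfg="$2"
    # Patterns are anchored so CONFIG_KPROBES never matches CONFIG_KPROBES_*.
    if grep -q "^${sym}=y\$" "$cfg"; then
        echo y
    elif grep -q "^${sym}=m\$" "$cfg"; then
        echo m
    elif grep -q "^# ${sym} is not set\$" "$cfg"; then
        echo n
    else
        echo absent   # symbol not visible in this config, so not enabled
    fi
}

# Print a one-line verdict on kprobes for config file $1.
audit_kprobes() {
    cfg="$1"
    case "$(kconfig_state KPROBES "$cfg")" in
        y) echo "enabled: built in, MODULES=$(kconfig_state MODULES "$cfg")," \
                "KALLSYMS=$(kconfig_state KALLSYMS "$cfg")" ;;
        m) echo "invalid: KPROBES is a bool symbol and cannot be =m" ;;
        *) echo "disabled: kprobes not built into this kernel" ;;
    esac
}

# Constructed sample: the relevant lines of a .config with kprobes built in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_MODULES=y
CONFIG_KALLSYMS=y
CONFIG_KPROBES=y
# CONFIG_KPROBES_SANITY_TEST is not set
EOF
audit_kprobes "$sample"
rm -f "$sample"
```

On a running system, point `audit_kprobes` at the config file your distribution installs for the booted kernel, commonly `/boot/config-$(uname -r)`.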

* Re: [QUESTION] Kprobes as a module?
From: Namhyung Kim @ 2012-05-15  8:34 UTC (permalink / raw)
  To: Cong Wang; +Cc: Masami Hiramatsu, linux-kernel, Hyeoncheol Lee

Hi,

On Tue, 15 May 2012 16:31:42 +0800, Cong Wang wrote:
> On 05/15/2012 04:24 PM, Namhyung Kim wrote:
>> Hi,
>>
>> Probably a dumb question :).
>> What prevents the kprobes from being built as a module? We want to use
>> the kprobes on our systems, but some guys worried about potential
>> security problems. So it'd be great if we can enable/load kprobes as
>> needed and then disable/unload after using it. Is it a possible scenario?
>>
>
> Kconfig prevents that:
>
> config KPROBES
>         bool "Kprobes"
>         depends on MODULES
>         depends on HAVE_KPROBES
>         select KALLSYMS
>
>
> so you can have either CONFIG_KPROBES=y or CONFIG_KPROBES=n, but not =m.

Sorry for an inaccurate question, my point was "Can I change it from
'bool' to 'tristate'"?

Thanks,
Namhyung


* Re: [QUESTION] Kprobes as a module?
From: Masami Hiramatsu @ 2012-05-15 12:18 UTC (permalink / raw)
  To: Namhyung Kim; +Cc: Cong Wang, linux-kernel, Hyeoncheol Lee, yrl.pp-manager.tt

Hi,

No, actually you can't make it as a module. There are
two major reasons.
 - ftrace depends on the kprobes now.
 - int3 handling routine deeply depends on
   the architecture. This includes text modifying code.

Thus, if you separate the kprobes into module, that means
you need to expose more ugly interface of self modifying
for kernel modules.

(2012/05/15 17:34), Namhyung Kim wrote:
> Hi,
> 
> On Tue, 15 May 2012 16:31:42 +0800, Cong Wang wrote:
>> On 05/15/2012 04:24 PM, Namhyung Kim wrote:
>>> Hi,
>>>
>>> Probably a dumb question :).
>>> What prevents the kprobes from being built as a module? We want to use
>>> the kprobes on our systems, but some guys worried about potential
>>> security problems. So it'd be great if we can enable/load kprobes as
>>> needed and then disable/unload after using it. Is it a possible scenario?

BTW, I'm not sure what the potential security problems on that?
kprobes itself can be used only from kernel modules (except ftrace).
If someone compromises kernel with kernel module, he doesn't need
kprobes at all. They just can do anything they want. :)

Thank you,

-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com


* Re: [QUESTION] Kprobes as a module?
From: valdis.kletnieks @ 2012-05-15 19:52 UTC (permalink / raw)
  To: Namhyung Kim; +Cc: Masami Hiramatsu, linux-kernel, Hyeoncheol Lee

On Tue, 15 May 2012 17:24:11 +0900, Namhyung Kim said:
> Probably a dumb question :).
> What prevents the kprobes from being built as a module? We want to use
> the kprobes on our systems, but some guys worried about potential
> security problems. So it'd be great if we can enable/load kprobes as
> needed and then disable/unload after using it. Is it a possible scenario?

Any troublemaker who has the ability to set a kprobe would probably also
have the ability to just re-load the module before setting the kprobe (unless
you go to a *lot* of trouble to compartmentalize the root user).

So it's not clear there's a security benefit from making it a module.  If anything,
it makes it *worse* because you can then surprise a sysadmin who *thought*
they were running a KPROBES=n kernel by loading a module and turning it on...


* Re: [QUESTION] Kprobes as a module?
From: Namhyung Kim @ 2012-05-16  1:44 UTC (permalink / raw)
  To: Masami Hiramatsu
  Cc: Cong Wang, linux-kernel, Hyeoncheol Lee, yrl.pp-manager.tt

Hi,

On Tue, 15 May 2012 21:18:25 +0900, Masami Hiramatsu wrote:
> No, actually you can't make it as a module. There are
> two major reasons.
>  - ftrace depends on the kprobes now.
>  - int3 handling routine deeply depends on
>    the architecture. This includes text modifying code.
>
> Thus, if you separate the kprobes into module, that means
> you need to expose more ugly interface of self modifying
> for kernel modules.
>

I see.


> (2012/05/15 17:34), Namhyung Kim wrote:
>> Hi,
>> 
>> On Tue, 15 May 2012 16:31:42 +0800, Cong Wang wrote:
>>> On 05/15/2012 04:24 PM, Namhyung Kim wrote:
>>>> Hi,
>>>>
>>>> Probably a dumb question :).
>>>> What prevents the kprobes from being built as a module? We want to use
>>>> the kprobes on our systems, but some guys worried about potential
>>>> security problems. So it'd be great if we can enable/load kprobes as
>>>> needed and then disable/unload after using it. Is it a possible scenario?
>
> BTW, I'm not sure what the potential security problems on that?
> kprobes itself can be used only from kernel modules (except ftrace).
> If someone compromises kernel with kernel module, he doesn't need
> kprobes at all. They just can do anything they want. :)
>

Never mind, it seems they just worried about what they don't know
exactly. Anyway, thanks for your answer.

Namhyung


* Re: [QUESTION] Kprobes as a module?
From: Namhyung Kim @ 2012-05-16  1:48 UTC (permalink / raw)
  To: valdis.kletnieks; +Cc: Masami Hiramatsu, linux-kernel, Hyeoncheol Lee

Hi,

On Tue, 15 May 2012 15:52:15 -0400, valdis kletnieks wrote:
> On Tue, 15 May 2012 17:24:11 +0900, Namhyung Kim said:
>> Probably a dumb question :).
>> What prevents the kprobes from being built as a module? We want to use
>> the kprobes on our systems, but some guys worried about potential
>> security problems. So it'd be great if we can enable/load kprobes as
>> needed and then disable/unload after using it. Is it a possible scenario?
>
> Any troublemaker who has the ability to set a kprobe would probably also
> have the ability to just re-load the module before setting the kprobe (unless
> you go to a *lot* of trouble to compartmentalize the root user).
>
> So it's not clear there's a security benefit from making it a module.  If anything,
> it makes it *worse* because you can then surprise a sysadmin who *thought*
> they were running a KPROBES=n kernel by loading a module and turning it on...

Right, thanks for your comment.

Namhyung
