From: wzt.wzt@gmail.com Date: Fri, 26 Feb 2010 14:49:55 +0000 (+0800) Subject: Security: Add __init to register_security to disable load a security module on runtime X-Git-Tag: v2.6.35-rc1~488^2^2~57^2~6 X-Git-Url: https://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c1e992b99603a84d7debb188542b64f2d9232c07;p=pandora-kernel.git Security: Add __init to register_security to disable load a security module on runtime LSM framework doesn't allow to load a security module on runtime, it must be loaded on boot time. but in security/security.c: int register_security(struct security_operations *ops) { ... if (security_ops != &default_security_ops) return -EAGAIN; ... } if security_ops == &default_security_ops, it can access to register a security module. If selinux is enabled, other security modules can't register, but if selinux is disabled on boot time, the security_ops was set to default_security_ops, LSM allows other kernel modules to use register_security() to register a not trust security module. For example: disable selinux on boot time(selinux=0). #include #include #include #include #include #include #include MODULE_LICENSE("GPL"); MODULE_AUTHOR("wzt"); extern int register_security(struct security_operations *ops); int (*new_register_security)(struct security_operations *ops); int rootkit_bprm_check_security(struct linux_binprm *bprm) { return 0; } struct security_operations rootkit_ops = { .bprm_check_security = rootkit_bprm_check_security, }; static int rootkit_init(void) { printk("Load LSM rootkit module.\n"); /* cat /proc/kallsyms | grep register_security */ new_register_security = 0xc0756689; if (new_register_security(&rootkit_ops)) { printk("Can't register rootkit module.\n"); return 0; } printk("Register rootkit module ok.\n"); return 0; } static void rootkit_exit(void) { printk("Unload LSM rootkit module.\n"); } module_init(rootkit_init); module_exit(rootkit_exit); Signed-off-by: Zhitong Wang Signed-off-by: James Morris --- Reading git-diff-tree failed