
Re: Checking integrity of /sbin/init from within kernel



On Tue, 1 Oct 2002, Torsten Valentin wrote:
...
> Now that I hope you agree with me that my concept improves security of a
> machine significantly, I'd like to ask my initial question again:

Not really. If someone gets to the point of being able to replace/modify
the kernel or /sbin/init, you have bigger problems elsewhere.

As an analogy, consider the security situation with "smart cards" and
their use. The security in all such systems basically relies on just one
thing -- it should be difficult to retrieve the private key(s) from the
card. All other measures and various "smart" designs around them are minor
compared to this.

> How difficult is it to access a file (/sbin/init) from the kernel and
> build a checksum of it and decide whether the kernel should now start
> that file or not?

Not that difficult, I imagine. Haven't really thought about it.

> Does the kernel itself have routines in it to access files that could be
> reused, or would that have to be completely new code?

You can probably find good clues by reading parts of the kernel
code.

> How difficult would it be to implement code that would do an md5-sum? I
> don't have a lot of knowledge of kernel architecture, so I don't know
> how much work this would mean. How many hours would a skilled programmer
> have to spend on this?

Pretty easy, I think, so not that many.

/H

--
Håkan Olsson <ho@crt.se>        (+46) 708 437 337     Carlstedt Research
Unix, Networking, Security      (+46) 31 701 4264        & Technology AB
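The check Torsten describes (hash the init binary, compare against a digest fixed at build time, and only then allow it to start), as an added userspace model that is not code from this thread or from the kernel. The file path and the stand-in contents are constructed for the demo; a real implementation would live in the kernel and read the file through its own VFS routines.

```python
import hashlib
import hmac
import os
import tempfile


def digest_file(path, algo="md5"):
    """Stream the file through the hash so a large binary is not read whole.

    The thread talks about md5; note that md5 is no longer collision-resistant,
    so a modern build would choose sha256 here.
    """
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def may_exec_init(path, expected_hex, algo="md5"):
    """Return True only if the file is readable and its digest matches.

    expected_hex models the value compiled into the kernel image; it is only as
    trustworthy as the image that carries it, which is Håkan's objection above.
    """
    try:
        actual = digest_file(path, algo)
    except OSError:
        return False  # missing or unreadable init: refuse rather than guess
    return hmac.compare_digest(actual, expected_hex)


def demo():
    """Constructed stand-in for /sbin/init: record the golden digest, then tamper."""
    with tempfile.TemporaryDirectory() as d:
        init_path = os.path.join(d, "init")  # hypothetical path, not /sbin/init
        with open(init_path, "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/sh\n")  # constructed file contents
        golden = digest_file(init_path)
        ok_before = may_exec_init(init_path, golden)
        with open(init_path, "ab") as f:
            f.write(b"echo tampered\n")  # simulate a modified init binary
        ok_after = may_exec_init(init_path, golden)
        os.remove(init_path)
        ok_missing = may_exec_init(init_path, golden)
    return ok_before, ok_after, ok_missing
```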