LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-11-2014, 07:55 AM   #1
salantrax
LQ Newbie
 
Registered: Feb 2014
Posts: 7

Rep: Reputation: Disabled
How to make an extraordinarily incompatible kernel module


Hello!

I was wondering if you could recommend a kernel module that would fail miserably and reliably when inserting it into a "foreign" kernel, i.e. one for which the module was not built.

The plan is to store that module probe/key on an encrypted rootfs and watch for module errors that would indicate that the kernel image has been swapped.

EDIT: That module would get loaded by systemd, according to the list /etc/modules-load.d/modules.conf:
Code:
# List of modules to load at boot
module-that-does-not-play-nice-with-unfamiliar-kernels

Last edited by salantrax; 08-11-2014 at 08:15 AM. Reason: More info
 
Old 09-06-2014, 05:17 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Originally Posted by salantrax View Post
I was wondering if you could recommend a kernel module that would fail miserably and reliably when inserting it into a "foreign" kernel, i.e. one for which the module was not built.
Take something that's been deprecated since kernel 2.0.23? ;-p


Quote:
Originally Posted by salantrax View Post
The plan is to store that module probe/key on an encrypted rootfs and watch for module errors that would indicate that the kernel image has been swapped.
...so I load something before your encrypted rootfs is mounted that hides any LKM error messages?
 
Old 09-08-2014, 02:57 PM   #3
salantrax
LQ Newbie
 
Registered: Feb 2014
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Take something that's been deprecated since kernel 2.0.23? ;-p
Needs to be compatible with current kernel (> 3.16).


Quote:
Originally Posted by unSpawn View Post
...so I load something before your encrypted rootfs is mounted that hides any LKM error messages?
Then how do you explain that the module doesn't say:
"Hello! I loaded successfully, and the secret passphrase is 4324984234."?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to make two instances of kernel module ....??? Help. skate Linux - Software 5 07-08-2008 04:17 AM
how to make my module part of kernel furahm Linux - General 1 07-10-2006 04:33 AM
What can you ACTUALLY make a module for in the kernel? djuhl30 Linux - Hardware 2 01-30-2006 03:34 AM
compile kernel module without 'make' whysyn Linux - Software 2 01-29-2006 01:56 AM
cmedia cmi9739a incompatible module format FirebirdV0273 Linux - Hardware 2 10-25-2004 10:13 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration