Date: Fri, 17 Apr 2015 13:30:58 +0930 From: "O'Connor, Daniel" <darius@dons.net.au> To: Yuri <yuri@rawbw.com> Cc: freebsd-hackers@FreeBSD.org Subject: Re: Is it possible to check the running kernel signature? Message-ID: <7C5F6DC3-5507-409E-B58A-F9F291D1924A@dons.net.au> In-Reply-To: <553074DE.4070106@rawbw.com> References: <553074DE.4070106@rawbw.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 17 Apr 2015, at 12:20, Yuri <yuri@rawbw.com> wrote: > The idea that comes to mind is the ability to verify that the running = kernel wasn't tampered with by comparing it with its disk image copy. = Same with the kernel modules. Kernel can be verified through the memory = mmapped to /dev/mem device. > Is this idea feasible, and would it make sense to implement it? If the kernel has been compromised then you can't trust it, since any = userland program has to use the kernel to do its job it is impossible to = validate the kernel because the kernel could just fake up anything it = wants. Also I think when the kernel is loaded it is modified for things like = relocations (although I'm not sure) which would make it tricky to = verify. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7C5F6DC3-5507-409E-B58A-F9F291D1924A>