From owner-freebsd-stable@FreeBSD.ORG  Wed Apr  4 17:34:31 2012
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0FFCD1065670
	for <freebsd-stable@freebsd.org>; Wed,  4 Apr 2012 17:34:31 +0000 (UTC)
	(envelope-from freebsd-stable@m.gmane.org)
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3])
	by mx1.freebsd.org (Postfix) with ESMTP id B18278FC08
	for <freebsd-stable@freebsd.org>; Wed,  4 Apr 2012 17:34:30 +0000 (UTC)
Received: from list by plane.gmane.org with local (Exim 4.69)
	(envelope-from <freebsd-stable@m.gmane.org>) id 1SFU6E-0002Me-TJ
	for freebsd-stable@freebsd.org; Wed, 04 Apr 2012 19:34:27 +0200
Received: from np-19-75.prenet.pl ([np-19-75.prenet.pl])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-stable@freebsd.org>; Wed, 04 Apr 2012 19:34:26 +0200
Received: from jb.1234abcd by np-19-75.prenet.pl with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <freebsd-stable@freebsd.org>; Wed, 04 Apr 2012 19:34:26 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-stable@freebsd.org
From: jb <jb.1234abcd@gmail.com>
Date: Wed, 4 Apr 2012 17:34:12 +0000 (UTC)
Lines: 21
Message-ID: <loom.20120404T192618-4@post.gmane.org>
References: <CAGE5yCpuvsVrc-+DTVas-W4fjuP2s+6PQONMOTyEbGnj2CY3ig@mail.gmail.com>
	<4F766F29.2030803@cs.stonybrook.edu>
	<CAFHbX1KiZx68MP4bCAvPc0Zui3fA4O35_z3kP781zoJqLYp7Bw@mail.gmail.com>
	<4F79D88B.3040102@cs.stonybrook.edu>
	<CAFHbX1KE15G9gx7Duw2R8zC5jL1jiEir0yMB0-s5+4xx517WtQ@mail.gmail.com>
	<4F79E27E.3000509@cs.stonybrook.edu>
	<CAGE5yCrwLosuTT2yq0DEx+z8ztKpkrB=tORmURcuh_SCz=L7qg@mail.gmail.com>
	<4F79FCB8.1090003@cs.stonybrook.edu>
	<CAGE5yCrz45AWeJGv=2UWRq7xpXZVtvsx+5O6cvaE6ZzoFrz5mA@mail.gmail.com>
	<4F7A05C4.9070808@cs.stonybrook.edu>
	<20120403170259.GA94837@neutralgood.org>
	<loom.20120404T103230-175@post.gmane.org>
	<1333550029.1090.67.camel@revolution.hippie.lan>
	<loom.20120404T165909-66@post.gmane.org>
	<CAGE5yCoZuyUhuWRc0orYkB2wuuESuBzzoRNqOvWr-G=a1XOJDA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: sea.gmane.org
User-Agent: Loom/3.14 (http://gmane.org/)
X-Loom-IP: 79.139.19.75 (Mozilla/5.0 (X11; FreeBSD i386;
	rv:10.0.2) Gecko/20100101 Firefox/10.0.2)
Subject: Re: Text relocations in kernel modules
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2012 17:34:31 -0000

Peter Wemm <peter <at> wemm.org> writes:

> ...
> There is no way to interfere because it is done outside of user space
> entirely, **after** the file has been copied out of the file system.
> You can do whatever you like to the file, but it has no effect because
> all the relocation is done in a private kernel copy.
> ...

What if attack code (broadly understood) is part of module code, and is based
on either or both of:
- hidden (as to meaning and reloc targets) arrangement of relocations needed
- has an ability of (self) activation during load/link and *relocations* process
already under the privilege of the kernel ?

Is that possible at all ?
Would there be any protection against it (except giving up relocations as
an enabling vehicle) ?

jb