grsecurity forums


https://forums.grsecurity.net./

CONSTIFY_PLUGIN polluting magic string

https://forums.grsecurity.net./viewtopic.php?f=3&t=2840

Page 1 of 1

CONSTIFY_PLUGIN polluting magic string

PostPosted: Fri Oct 14, 2011 7:10 am
by arekm
Kernel reports "3.0.6-1 SMP mod_unload 686 CONSTIFY_PLUGIN GRSEC ".

Is there any reason for placing CONSTIFY_PLUGIN in this magic string?

I mean why constified kernel shouldn't be able to load non-constified modules? (It should work fine, just no protection for modules - right?)

Re: CONSTIFY_PLUGIN polluting magic string

PostPosted: Fri Oct 14, 2011 9:01 am
by PaX Team
arekm wrote:I mean why constified kernel shouldn't be able to load non-constified modules? (It should work fine, just no protection for modules - right?)
no, it would not work right ;). imagine that the external module tries to write to an ops structure that is writable under a normal kernel, but read-only on a constified kernel. if the module is compiled without the consitify plugin, you'll get a nice runtime oops when it actually tries to write to this ops structure vs. a compile time error when you can easily see what it's trying to do and patch it appropriately.

Re: CONSTIFY_PLUGIN polluting magic string

PostPosted: Fri Oct 14, 2011 2:25 pm
by arekm
Bad then, have to disable constify - patching external modules is too big pain :-/ Or drop constify from magic string and pray that external modules don't write in these places.

One way or another - it's a mess.

Upstream constify thing as soon as possible is a solution ! :-)
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/