grsecurity forums

Skip to content

T mode for subjects

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

T mode for subjects

Postby IppatsuMan » Sat Jul 08, 2006 2:27 pm

Hi all :)
First: I apologize for my bad english.

From gracldoc.pdf, in the section about subject modes:
* T - Ensures this process can never execute any trojaned code


What does it mean? I know what is a trojaned code (but maybe my definition differs) but how does grsecurity prevent the execution of a trojaned subject? Does it save a hash of the executable file and checks that it is not tampered when it is started?

I've checked the kernel source and it seems that it refers to the GR_NOTROJAN constant, but it seems that this constant isn't used anywhere in the code.

In brief: what does the T mode do to a subject?

Thank you all.
IppatsuMan
 
Posts: 1
Joined: Fri May 26, 2006 8:36 am
Top

Postby spender » Sun Jul 09, 2006 7:50 pm

It checks all other non-admin subjects and looks to see if any of them allow writing to the subject with the T mode set. This is all done in userland, which is why there's no reference to the mode in the kernel code.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group