Subject: writing secure kernel modules
To: None <tech-kern@netbsd.org>
From: Piotr Stolc <socrtp@sedez.iq.pl>
List: tech-kern
Date: 03/22/2002 14:11:07
Hi all!
I just wrote a simple kernel module which restricts the ability of users to
view the process table (like the "restricted proc" option in the Openwall
patch for Linux). It can be found at:
http://sedez.iq.pl/~socrtp/netbsd/resproc-0.01beta.tar.gz

I have a few questions about programming kernel modules/patches which won't
introduce security holes:

1. What kind of UID/GID (effective or real) should I check to find if the
process should be permitted to do something?

2. What checks should I apply at the start of a new syscall function? In the
above example I modify the syscall's input data, so there should be some checks.

3. Are there some general rules about writing secure kernel modules under
NetBSD?


TIA!

-- 

s.