Subject: Re: identifying LKMs
To: None <current-users@netbsd.org>
From: Jaromir Dolecek <dolecek@ics.muni.cz>
List: current-users
Date: 12/02/1998 23:29:25

Dave Sainty wrote:
> "Michael VanLoon" writes:
> 
> > Excuse the thought from the Land of the Enemy, but it would seem simple
> > if you just did something like COM does: make a GUID (Globally Unique
> > ID -- a 128-bit "hash" generated by an Ethernet address, something to do
> > with the current time, and some monotonically increasing value, I
> > believe) that is assigned to that module when it is created, and don't
> > change it for the life of the module.  It's faster because you're not
> > hashing this binary every time you try to load it, and it doesn't
> > change.

The biggest problem with this scheme is that it's not very flexible.
With virtually any change to code relevant to the module you have to
generate a new version GUID, update a list somewhere and then distribute
it. More - that GUID number is more of
this-is-identification-of-this-module than
this-code-really-is-exactly-code-ya-want.  What's not very clear to me
is how the GUID is associated with the module - is it compiled into it,
is it stored as part of its digital signature or what? What prevents
someone from getting the GUID and using it as "identification" of his/her
own malicious module?

Another problem with GUID (which makes it IMO unusable for LKMs at least)
is: how do you transfer the GUID of the currently loading module into the kernel?
By a separate ioctl? What about getting a "registered" GUID,
passing it as the GUID of the currently loading module and uploading something else?

GUID as part of the uploading code? What prevents you from making a custom
module with the same GUID?

To properly recognize whether the uploading module is the module we want,
we really need to do some kind of hash of its code at "registration" time.
We need something tightly associated with the module code, not
some externally generated number, IMNSHO.

> 
> I think the point is that the hash should be one way over the code, so
> it would be a security feature.
> 
> The Microsoft GUID scheme is just a naming scheme...

That's what I think too.

Time has come to look at FreeBSD's LKMs. Hopefully I'll find some spare
time somewhere ;-b

-- 
Jaromir Dolecek <dolecek@ics.muni.cz>	http://www.ics.muni.cz/~dolecek/
-------------------------------------------------------------------------
It is better never to have been born.  But who among us has such luck?
One in a million, perhaps.
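
Added example, not part of the original message or of any NetBSD code: a user-space sketch of the two checks contrasted above, a GUID carried by the module versus a hash taken over the module's bytes at registration time. The module layout (GUID line followed by code), the Registry class, the use of SHA-256 and all sample values are assumptions made for illustration.

```python
import hashlib

# All module images and the GUID below are constructed sample data.
GUID = b"6f1c2a3e-0000-4000-8000-000000000001"

def make_module(code: bytes, guid: bytes = GUID) -> bytes:
    """Hypothetical module image: a GUID header line followed by the code."""
    return guid + b"\n" + code

def embedded_guid(image: bytes) -> bytes:
    return image.split(b"\n", 1)[0]

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class Registry:
    """Stand-in for the loader-side list of registered modules."""
    def __init__(self):
        self.guids = set()
        self.digests = set()

    def register(self, image: bytes) -> None:
        self.guids.add(embedded_guid(image))
        self.digests.add(digest(image))

    def allow_by_guid(self, image: bytes) -> bool:
        # Trusts a label the module carries about itself.
        return embedded_guid(image) in self.guids

    def allow_by_hash(self, image: bytes) -> bool:
        # Recomputed over the bytes actually presented for loading.
        return digest(image) in self.digests

def compare():
    reg = Registry()
    genuine = make_module(b"genuine driver code")
    reg.register(genuine)
    lookalike = make_module(b"different code, same GUID")
    # A legitimate rebuild also changes the hash and must be re-registered.
    rebuilt = make_module(b"genuine driver code v2")
    samples = [("genuine", genuine), ("lookalike", lookalike), ("rebuilt", rebuilt)]
    return {name: (reg.allow_by_guid(img), reg.allow_by_hash(img))
            for name, img in samples}

if __name__ == "__main__":
    for name, (by_guid, by_hash) in compare().items():
        print(f"{name:10s} guid_check={by_guid} hash_check={by_hash}")
```

The GUID check accepts all three images because the identifier is only a name; the hash check accepts only the bytes that were registered, which also means every rebuild needs a new registration.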