<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Another thing you should note, that if you do not protect boot
integrity, you're grinding water, because all your hypervisor
based protection and magnificent hardening would be null and void
after the next reboot.</p>
<p><br>
</p>
<p>Generally speaking, I really recommend you to get paid
consultancy from a real security professional (e.g., not me),
because there are probably other concerns you and me are not even
considering now.<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 17/01/2019 11:26, Elazar Leibovich
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:a7bdc39c-1a65-d16d-d0ff-22d5645046fe@gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>What you probably want, is something similar to Windows VBS
HVCI, which is usually achieved via underlying hypervisor.</p>
<p>It forces you to pass the security boundary of the hypervisor,
even if security boundary between user/kernel is bypassed.<br>
</p>
<p>Have a look at Bromium or QubeOS for a full solution (not even
sure they offer HVCI, but maybe)<br>
</p>
<p>Note you'll need to disable things like kprobe and BPF JIT.<br>
</p>
<p>I guess you can hack something with standalone Xen.</p>
<p><br>
</p>
<p>I'm far from expert, and can consult if other solutions are
available. Also have a look at grx, which offer hardening in
general and maybe have VBS-like solutions. Ping me in private if
you need additional help, I can refer you to relevant people.</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 13/01/2019 21:22, Shachar Shemesh
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1139bbf9-0a49-d3d5-be6b-ca73696c3dc8@shemesh.biz">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<style type="text/css">body p { margin-bottom: 0cm; margin-top: 0pt; } </style>
<div class="moz-cite-prefix">On 12/01/2019 15:19, Lev Olshvang
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:589971547299140@myt5-f9d71769b752.qloud-c.yandex.net">
<pre class="moz-quote-pre" wrap="">Hi All,
The fact that the text segment could be modified is bad news from the security standpoint.
For example, in order to set a breakpoint GDB should map a text segment with MAP_PRIVATE flag which allows kernel to ignore the dirty bit that MMU sets on this page.
Somewhere in the middle of this mapping, perhaps in mprotect, permission bits of page's PTE entry are modified as well from their original RO+X to RWX
I am not sure whether it is actually happening, perhaps instead new pages are allocated, sort of COW (copy on write).
And here I am getting to the point :
Is there any way to disable the change of permission bits of PTE? Is it possible in the hardware (ARM) or should kernel be patched?
Regards to All,
Happy new year.
Lev.
</pre>
</blockquote>
<p>I am 86.3%<sup>1</sup> certain that this change will not
bring about what you want this change to do. For example, if
protecting against ptrace is what you're after, please note
that fakeroot-ng completely changes what a process is running
without making any changes to the text segment at all.</p>
<p><br>
</p>
<p>Anyways, it is not the kernel that maps the text segment into
memory using private mapping. It is the dynamic linker. If you
need to change that to shared mapping, change the dynamic
linker.</p>
<p><br>
</p>
<p>Shachar</p>
<p><br>
</p>
<p>1- Following the 80% rule, which states that 92.7% of
statistics people quote are made up on the spot.<br>
</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Linux-il mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Linux-il@cs.huji.ac.il" moz-do-not-send="true">Linux-il@cs.huji.ac.il</a>
<a class="moz-txt-link-freetext" href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" moz-do-not-send="true">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a>
</pre>
</blockquote>
</blockquote>
</body>
</html>