Top Forums UNIX for Advanced & Expert Users Understanding the boot process Post 302507189 by disaster on Wednesday 23rd of March 2011 03:43:14 AM
Understanding the boot process

Hey guys,

I am working on a security module which checks signatures of binaries/shared libs. The Linux security framework (and thus my module) gets loaded early in the boot process.
Right now all my module does is - whenever a binary gets mmap'ed for execution - print out a message using printk() if the signature in the binary is valid or not.

When everything is loaded, all is fine, but not during boot time. At the very beginning it looks as if the files get loaded from another place. Just a sample output of my logfile - I chose to take exactly the part where the files seem to switch:

Code:
Mar 17 18:31:05 localhost kernel: [ 12.370243] - SIGCHECK: ld-2.13.so - No signature! 4393 / 132600
Mar 17 18:31:05 localhost kernel: [ 12.372407] - SIGCHECK: libc-2.13.so - No signature! 4391 / 1348016
Mar 17 18:31:05 localhost kernel: [ 12.458529] - SIGCHECK: init - No signature! 97804 / 31264
Mar 17 18:31:05 localhost kernel: [ 12.489367] - SIGCHECK: ld-2.13.so - Verifiation successful! 279949 / 133176
Mar 17 18:31:05 localhost kernel: [ 12.605187] - SIGCHECK: libc-2.13.so - Verifiation successful! 279931 / 1348576

The last 2 numbers are the i_ino and i_size of the inode. I put them in there to see if they are different files. As you can see they are indeed.
But when I do a find I only find one e.g. libc on my filesystem (the signed one).
So during the beginning of the bootphase I assume that the files get loaded not from within the filesystem but from somewhere else (initrd maybe?).

Now the question is: Where do these files get loaded from, and how can I access them to sign them so that they get accepted by my security module?

Edit: Since init is the first binary to be verified successfully, I am now pretty sure the reason is the initrd. So since I created it before I signed the files, the files in my initrd fail. Now this question kind of turns into a: How is initrd created with mkinitcpio? Does it simply take already existing files and pack them together? If yes, I would just need to create a new initrd. But from which place does it take the files?

Last edited by pludi; 03-23-2011 at 10:37 AM.. Reason: epic win!
 
