I am working on a security module which checks signatures of binarys/shared libs. The Linux security framework (and thus my module) gets loaded early in the bootprocess.
Right now all my module does is - whenever a binary gets mmap'ed for execution - print out a message using printk() if the signature in the binary is valid or not.
When everything is loaded, all is fine, but not during boottime. At the very beginning it looks as if the files get loaded from another place. Just a sample output of my logfile - I chose to took exactly the part where the files seem to switch:
Code:
Mar 17 18:31:05 localhost kernel: [ 12.370243] - SIGCHECK: ld-2.13.so - No signature! 4393 / 132600
Mar 17 18:31:05 localhost kernel: [ 12.372407] - SIGCHECK: libc-2.13.so - No signature! 4391 / 1348016
Mar 17 18:31:05 localhost kernel: [ 12.458529] - SIGCHECK: init - No signature! 97804 / 31264
Mar 17 18:31:05 localhost kernel: [ 12.489367] - SIGCHECK: ld-2.13.so - Verifiation successful! 279949 / 133176
Mar 17 18:31:05 localhost kernel: [ 12.605187] - SIGCHECK: libc-2.13.so - Verifiation successful! 279931 / 1348576
The last 2 numbers are the i_ino and i_size of the inode. I put them in there to see if they are different files. As you can see they are indeed.
But when I do a find I only find one e.g. libc on my filesystem (the signed one).
So during the beginning of the bootphase I assume that the files get loaded not from within the filesystem but from somewhere else (initrd maybe?).
Now the question is: From where get these files loaded and how can I access them to sign them so that they get accepted by my security module
Edit: Since init is the first binary to be verified successfullzy, I am now pretty sure the reason is the initrd. So since I created it before I signed the files, the files in my initrd fail. Now this question kind of turns into a: How is initrd created with mkinitcpio? Does it simply take already exisiting files and pack them together? If yes, I would just need to create a new initrd. But from which place does it take the files?
Last edited by pludi; 03-23-2011 at 10:37 AM..
Reason: epic win!
You did not tell us particular GNU/Linux distribution you are on but you reference to mkinitcpio seems to indicate that you are on ArchLinux. mkinitcpio is a shell script which you can examine to see where it is picking up the initrd contents. BTW, it uses BusyBox to reduce size of initrd.
I understand the OBP program looks for the boot-device, loads the bootblk (located on physical disk sectors 1 through 15). Then the secondary boot program, /platform/`arch -k`/ufsboot is run. This program loads the kernel core image files (genunix and unix).
So how does it uses the ufsboot and... (1 Reply)
Hello,
Sometime i see that the boot process hangs.
I am using rhel 6.2.
At that time in the console i see
Probing EDD (edd=off to disable)...
SSH service seems to be started but i can't login...
ssh logs (last lines) in verbose mode level 3:
debug2: we did not send a packet,... (3 Replies)
Hello,
I am facing some issues during boot process of rhel 6.2
It takes too long time (~10 min) for the node to come up...
The boot process stuck while it trying to start NFS and does not continue until timeout.
In the boot.log file i see
Starting NFS quotas: Cannot register service:... (2 Replies)
When I get start program at boot
I read which run level
/sbin/rcx.d runlevel=0.....x
only read directory which directory name has UpperCase 'S'
is not enough
someone says that I need to reference another file
which file I need to reference
1)/etc/rc.config.d/all file which parameter... (4 Replies)
I have COMPAQ DS 20 SERVER, During The Boot Process, There is an ERROR MESSAGE :
malloc_mem_alloc : no space in map.
AND the system can't boot , And i can't do anything.
The server display : malloc_mem_alloc and the unique thing i can di is to restart the server with i/o buttom.
HELP ME... (1 Reply)
Hi,
I have a program that check the IP address and automatic update it to the DNS server. I would like to run this program when the computer bootup after pppd get a connection. How do I add it to the init file. Does any one have any information of how to do it.
I run a Linux Mandrake as a... (1 Reply)
