This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Stop the execution of syscall in trap.c

To: Gianni Tedesco <gianni.tedesco@xxxxxxxxxx>
Subject: Re: [Xen-devel] Stop the execution of syscall in trap.c
From: Carlo Maiero <zesster@xxxxxxxxx>
Date: Wed, 13 Oct 2010 20:37:49 +0200
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 13 Oct 2010 11:39:03 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=JnRIXspMuO2FhfFzmndnDxJewadT0b+GobnO/KiMNqs=; b=JFsJbouDlDE4nOZQJvjswSAvWR06N0+kAZYrSHUqx9QV+Lzc43hzbcYNr12bwKAOIr vQvaLpPyhlMpWhGha2XFM2X9g/yeq1qOeHglnJ0B7fcKPW5ZR09aVsGmrMACauCpLfLv cHnRMgtziZbVWBEEDAl02C+7+H5E2PF7ZGmOU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=PkA8qyFd7iiCMtKdXJacRPX4stPDOS7uEAI1vU2YOBt+6eB7tuKdC+k6rEe0Xhsels 20YP397c7jQSMgYsRkwkMFCV9GGeCrqKC8KJ4yVTS6BUuR/BREoFL+SPcC5sd3eHzq/x Ht0igWndm/pzBbeMorIAAl9O0/dk1QIXzfNFA=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1286982836.12843.533.camel@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <AANLkTim9bO0f=eHQ4wGcKNnPQdcG000e9oGz6uV9mAYr@xxxxxxxxxxxxxx> <1286982836.12843.533.camel@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

2010/10/13 Gianni Tedesco <gianni.tedesco@xxxxxxxxxx>
On Wed, 2010-10-13 at 14:11 +0100, Carlo Maiero wrote:
> I'm working on a similar project
> of http://lists.xensource.com/archives/html/xen-devel/2008-11/msg00813.html,
> but after the interception I also want to stop some syscall from be
> executed by the hypervisor.
> I intercept the call in the do_guest_trap in trap.c, and i control the
> (cpu_user_regs regs) regs->eax for the number, and if
> the number is some unpermitted syscall as for example (128 for insmod
> or 129 for rmmod), i want to stop the execution of the syscall.
> How can I stop the execution here?(it's possible to stop the execution
> here?)  or return an error code without a system crush?
> I've tried something but somethings just print the error code, and
> don't stop the syscall execution, and other things brings to panic.

Sounds like you just want to put -EPERM in %eax and not forward the
interrupt to the guest in that case...

By the way, it's difficult to see what threat model this
security-related-looking feature is intended to address.

The guest kernel already implements its own security model - and on a
much finer granularity than syscall number. If an attacker can control
the kernel so as to bypass that security model then it would also be
able to bypass these restrictions, trivially by using sysenter or
setting up a syscall trap at other than 0x80 but also by implementing
any of an infinite variation on kernel/user communication vectors. In
other words, you are better off writing an LSM if all you want to do is
restrict root from modifying the kernel ;)


Thanks, it works!! 
This is a work for my thesis. The target of the work is to offer a system that dynamically from dom0 decide, 
from stats and logs, what are the operation permitted and what are the operation not granted.
Maybe sometimes we just want the attacker to run some malicious software (ex. honey pot). 
it's a guideline of the project to keep unchanged the guest.


Xen-devel mailing list
<Prev in Thread] Current Thread [Next in Thread>