2003-01-30 17:23:41

by Abhishek Singh

[permalink] [raw]
Subject: Secure usage of netfilter hooks

Hi,
Is it possible for a netfilter hook registered during module insertion
time to be removed by a userspace application (such as iptables) without
the insertion of a new module?

What I am trying to do is implement a hook for secure packet processing
using netfilter. If however an attacker can remove this hook without
inserting a new module or compromising the kernel in some way then the
security level of this hook is compromised.

--

Thanks and Regards,

-abhi



2003-01-30 17:38:18

by Gianni Tedesco

[permalink] [raw]
Subject: Re: Secure usage of netfilter hooks

On Thu, 2003-01-30 at 17:33, Abhishek Singh wrote:
> Is it possible for a netfilter hook registered during module insertion
> time to be removed by a userspace application (such as iptables) without
> the insertion of a new module?

Yeah, remove all rules using it and rmmod the module.

> What I am trying to do is implement a hook for secure packet processing
> using netfilter. If however an attacker can remove this hook without
> inserting a new module or compromising the kernel in some way then the
> security level of this hook is compromised.

You gotta be root to manipulate iptables. If a user could manipulate ANY
iptables rules security would already be compromised because any user
could fuck with firewall rules.

HTH

--
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source http://www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D


Attachments:
signature.asc (189.00 B)
This is a digitally signed message part