Checking executables before running them in L4re/fiasco

Masti Ramya Jayaram rmasti at inf.ethz.ch
Mon Sep 1 09:54:02 CEST 2014


Hey Adam,

Thanks for the suggestion. I have one other constraint: I would like to keep the trusted computing base (or the amount of security-critical code) as small as possible.

From what I understand from http://l4re.org/doc/index.html, the following constitutes the minimal trusted code (which, if buggy or compromised by an attacker, ruins the isolation properties of the kernel).

a. Whole of fiasco
b. Sigma0 (the root pager)
c. Moe (the loader)
d. Ned (the first loaded program used to bootstrap the rest)

The IO server is not really security critical as far as I understood. Is this correct?

So I would ideally like to do it even before sigma because if the checks fail, I do not want to proceed, and it would be ok to do it in moe or ned. So could you elaborate on the mmap part to map a piece of IO memory, say in a separate executable after sigma?

Thanks in advance,
Ramya

________________________________________
From: l4-hackers [l4-hackers-bounces at os.inf.tu-dresden.de] on behalf of Adam Lackorzynski [adam at os.inf.tu-dresden.de]
Sent: 01 September 2014 00:14
To: l4-hackers at os.inf.tu-dresden.de
Subject: Re: Checking executables before running them in L4re/fiasco

On Sat Aug 30, 2014 at 14:02:41 +0000, Masti  Ramya Jayaram wrote:
> I am using fiasco/l4re to run applications (say hello world) and
> L4linux. The module list in the two cases looks like this:
>
> entry hello-cfg
> kernel fiasco -serial_esc -freq=533000
> roottask moe rom/hello.cfg
> module l4re
> module ned
> module hello.cfg
> module hello
>
> entry l4linux
> kernel fiasco -serial_esc -freq=533000
> roottask moe rom/l4linux.cfg
> module l4re
> module ned
> module l4linux.cfg
> module io
> module vmlinuz
> module ramdisk-x86.rd
>
> I would like to add some functionality that performs a few checks on
> hello and vmlinuz before they are executed. In this context, I have
> the following questions:
>
> a. Where is it best to implement such functionality - moe or ned? Or
> should I implement a separate server and do this?

You can just write your own program for that. In this program, just do
normal open()/read()/mmap() on path "rom/hello" / "rom/vmlinuz".

> b. I need access to a special range of IO memory when I perform the
> checks. I guess I could always use the io module and do
> "l4io_request_iomem()". Would that be the right way to do it from
> moe/ned?

Yes, just do l4io_request_iomem() to get the IOMEM, however, not from
moe nor ned. Ned is just starting io, so you do not have access to io
easily from within ned. No problem in a separate program.

> c. Is there a way to allocate/reserve a dedicated range of physical
> memory to these applications (hello/vmlinuz) so that they get
> allocated the same chunk every time (of physical memory)?

You mean for the images? They are placed in memory by the bootloader
(and/or bootstrap), so they'll have the same memory location every time
given the bootloader is doing it the same way every time. They're not
moved around afterwards.



Adam
--
Adam                 adam at os.inf.tu-dresden.de
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/

_______________________________________________
l4-hackers mailing list
l4-hackers at os.inf.tu-dresden.de
http://os.inf.tu-dresden.de/mailman/listinfo/l4-hackers
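The "separate program that does open()/read()/mmap() on rom/hello" approach Adam describes above, as an added example that is not part of this thread and not L4Re's own code: a small checker that maps an image read-only, does a structural ELF sanity check, hashes the whole file with SHA-256 and only reports "ok" if the digest matches one pinned into the checker binary. It is written in portable POSIX C so it can be compiled and run on a host; on L4Re the same open()/fstat()/mmap() calls are what L4Re's libc offers on the "rom/..." namespace, per Adam's reply. The I/O-memory part of the question (l4io_request_iomem()) is deliberately left out because it cannot be built outside the L4Re tree. The file paths, the function names and the idea of pinning the digest in the checker are assumptions of this example; the SHA-256 test vectors are the published FIPS 180-4 ones.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/stat.h>

/* Compact SHA-256 (FIPS 180-4). The checker hashes the complete image file. */
static const uint32_t K[64] = {
    0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
    0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
    0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
    0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
    0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
    0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
    0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
    0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2};
#define ROTR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))

static void sha256_block(uint32_t s[8], const uint8_t b[64]) {
    uint32_t w[64], v[8];               /* v[0..7] = a,b,c,d,e,f,g,h */
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)b[4*i] << 24 | (uint32_t)b[4*i+1] << 16 | (uint32_t)b[4*i+2] << 8 | b[4*i+3];
    for (int i = 16; i < 64; i++)
        w[i] = w[i-16] + (ROTR(w[i-15],7) ^ ROTR(w[i-15],18) ^ (w[i-15] >> 3))
             + w[i-7]  + (ROTR(w[i-2],17) ^ ROTR(w[i-2],19) ^ (w[i-2] >> 10));
    memcpy(v, s, sizeof v);
    for (int i = 0; i < 64; i++) {
        uint32_t t1 = v[7] + (ROTR(v[4],6) ^ ROTR(v[4],11) ^ ROTR(v[4],25))
                    + ((v[4] & v[5]) ^ (~v[4] & v[6])) + K[i] + w[i];
        uint32_t t2 = (ROTR(v[0],2) ^ ROTR(v[0],13) ^ ROTR(v[0],22))
                    + ((v[0] & v[1]) ^ (v[0] & v[2]) ^ (v[1] & v[2]));
        v[7] = v[6]; v[6] = v[5]; v[5] = v[4]; v[4] = v[3] + t1;
        v[3] = v[2]; v[2] = v[1]; v[1] = v[0]; v[0] = t1 + t2;
    }
    for (int i = 0; i < 8; i++) s[i] += v[i];
}

void sha256(const uint8_t *msg, size_t len, uint8_t out[32]) {
    uint32_t s[8] = {0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,
                     0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19};
    uint8_t tail[128] = {0};
    size_t i = 0;
    for (; i + 64 <= len; i += 64) sha256_block(s, msg + i);
    /* Padding: 0x80, zeros, 64-bit big-endian bit length; 1 or 2 final blocks. */
    size_t rem = len - i, tlen = rem < 56 ? 64 : 128;
    memcpy(tail, msg + i, rem);
    tail[rem] = 0x80;
    for (int j = 0; j < 8; j++) tail[tlen - 1 - j] = (uint8_t)(((uint64_t)len * 8) >> (8 * j));
    sha256_block(s, tail);
    if (tlen == 128) sha256_block(s, tail + 64);
    for (int j = 0; j < 8; j++) {
        out[4*j] = s[j] >> 24; out[4*j+1] = s[j] >> 16; out[4*j+2] = s[j] >> 8; out[4*j+3] = s[j];
    }
}

/* Constant-time comparison so the checker does not leak how much of a digest matched. */
int digest_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++) d |= a[i] ^ b[i];
    return d == 0;
}

/* Cheap structural check before hashing: ELF magic and a valid class byte (32/64-bit). */
int elf_header_ok(const uint8_t *img, size_t len) {
    return len >= 16 && img[0] == 0x7f && memcmp(img + 1, "ELF", 3) == 0 && (img[4] == 1 || img[4] == 2);
}

/* open()/fstat()/mmap() the image read-only and hash it (hypothetical helper).
 * Returns 0 on success, -1 on I/O error, -2 if the file is not an ELF image. */
int image_digest(const char *path, uint8_t out[32]) {
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || st.st_size <= 0) { close(fd); return -1; }
    size_t len = (size_t)st.st_size;
    uint8_t *img = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (img == MAP_FAILED) return -1;
    int ok = elf_header_ok(img, len);
    if (ok) sha256(img, len, out);
    munmap(img, len);
    return ok ? 0 : -2;
}

/* The gate: 1 only if the image is well-formed and matches the pinned digest; 0 otherwise,
 * including on I/O errors, so a missing or unreadable image is never started. */
int check_image(const char *path, const uint8_t expected[32]) {
    uint8_t got[32];
    return image_digest(path, got) == 0 && digest_equal(got, expected, 32);
}

/* Known-answer tests from FIPS 180-4: one-block "abc" and a 56-byte message that
 * exercises the two-block padding path. Run before trusting any verdict. */
int sha256_selftest(void) {
    static const uint8_t abc[32] = {0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
                                    0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad};
    static const uint8_t two[32] = {0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
                                    0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1};
    const char *m = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
    uint8_t got[32];
    sha256((const uint8_t *)"abc", 3, got);
    if (!digest_equal(got, abc, 32)) return 0;
    sha256((const uint8_t *)m, strlen(m), got);
    return digest_equal(got, two, 32);
}

/* Stand-alone use: print an image's digest so it can be pinned into the checker at build
 * time, e.g. ./checker rom/hello (path is an assumption of this example). */
int main(int argc, char **argv) {
    uint8_t d[32];
    if (!sha256_selftest()) { fprintf(stderr, "sha256 self-test failed\n"); return 2; }
    if (argc < 2 || image_digest(argv[1], d) != 0) { fprintf(stderr, "usage: %s <image>\n", argv[0]); return 1; }
    for (int i = 0; i < 32; i++) printf("%02x", d[i]);
    printf("  %s\n", argv[1]);
    return 0;
}
```

Two design points follow from the thread itself. First, the checker joins the trusted computing base the post is trying to keep small: the pinned digests and the hash code are exactly the "security critical code" whose compromise would let a bad image through, so they belong in the checker binary rather than in a file the checker reads. Second, the verdict is only meaningful if nothing can alter the image between the check and the start; Adam's note that modules are placed once by the bootloader/bootstrap and not moved afterwards is what makes hashing the rom file a statement about the bytes that will actually run.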



More information about the l4-hackers mailing list