[e-lang] rootkit for capability

Bill Frantz frantz at pwpconsult.com
Wed Nov 9 01:46:53 EST 2005

On 11/8/05, rasmussen.bryan at gmail.com (bryan rasmussen) wrote:

>I was just thinking about the Sony rootkit case. Now one thing a
>rootkit is really doing is adding unavoidable abilities to the OS,
>someone could conceivably rootkit their own system because they wanted
>to add such abilities at the OS level and not having Linux or similar
>decide to do so via this method. So, this made me think - what would
>be the effects (theoretically) of a rootkit for adding capabilities.
>How would it work, drawbacks etc.

I don't know how relevant to the E situation this suggestion is, but in
KeyKOS we had the problem of adding a capability to a running system. 
The situation would arise that some new kernel function needed to be
invoked with a capability.  Since the capability didn't exist when the
system was "big banged" we had to add it dynamically.  What we did was:

(1) Add code to the kernel to implement the function of the capability.
(2) Compile the kernel with the representation of the capability in the
    "kernel node".
(3) Restart from the last checkpoint.
(4) Copy the capability out of the kernel node to the place(s) where it
    was needed.

The kernel node was a node that was compiled in with the kernel.  A key
to the kernel node was kept in a highly privileged part of the system,
for just this use.

Cheers - Bill

Bill Frantz        | The first thing you need   | Periwinkle 
(408)356-8506      | when using a perimeter     | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter.    | Los Gatos, CA 95032
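
A toy model of the four steps described in the message above, added here as an illustration; it is not part of the original post and is not KeyKOS code. The names `Key`, `Kernel`, `boot` and `upgrade_demo`, the slot numbers, and the modelling choice that the kernel node comes from the kernel image rather than from the checkpoint are all assumptions.

```python
# Toy model (constructed). Names, slot numbers and API are assumptions,
# not KeyKOS's real interface.
import copy

class Key:
    """A reference that holders can only copy or invoke."""
    def __init__(self, kind, target=None):
        self.kind, self.target = kind, target

class Kernel:
    def __init__(self, functions, kernel_node):
        self.functions = functions       # step 1: code behind each kernel capability
        self.kernel_node = kernel_node   # step 2: keys compiled in with the kernel
        self.nodes = {}                  # persistent nodes, restored from a checkpoint

    def checkpoint(self):
        # Model assumption: only persistent nodes are saved, never the kernel node.
        return copy.deepcopy(self.nodes)

    def invoke(self, key, *args):
        if key.kind == "kernel_node":    # fetch a slot of the compiled-in node
            return self.kernel_node.get(args[0])
        if key.kind == "kernel_fn":      # call the kernel function the key names
            return self.functions[key.target](*args)
        raise PermissionError("not a valid key")

def boot(functions, kernel_node, saved_nodes):
    """Step 3: start a kernel image on top of the last checkpoint."""
    kernel = Kernel(functions, kernel_node)
    kernel.nodes = copy.deepcopy(saved_nodes)
    return kernel

def upgrade_demo():
    # Old system: one privileged node holds the key to the kernel node.
    old = boot({}, {}, {"privileged": {0: Key("kernel_node")}, "user": {}})
    saved = old.checkpoint()
    # New build: function added, its key placed in kernel-node slot 7.
    new = boot({"clock": lambda: "tick"}, {7: Key("kernel_fn", "clock")}, saved)
    knode_key = new.nodes["privileged"][0]            # survived the restart
    new.nodes["user"][3] = new.invoke(knode_key, 7)   # step 4: copy it out
    return old, new

if __name__ == "__main__":
    old, new = upgrade_demo()
    print(new.invoke(new.nodes["user"][3]))
```

In this model the new key reaches the running system only through the holder of the kernel-node key; nothing in the restored checkpoint contains it.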