Re: Obtaining non-exported symbol from kernel on runtime (without the debug symbols)
- Subject: Re: Obtaining non-exported symbol from kernel on runtime (without the debug symbols)
- From: "John D." <email@hidden>
- Date: Mon, 15 Dec 2008 06:15:42 +0100
On Mon, Dec 15, 2008 at 5:33 AM, Dean Reece <email@hidden> wrote:
> It isn't a hassle for legitimate developers because they lose that status
> as soon as they step outside our KPI space. Thus far, we have not
> introduced strong protections to prevent developers getting at things we
> don't export, but that may change if we see customer problems resulting from
> such practice.
Correct me if I'm interpreting your words wrongly, but did you just
say that anyone who steps out of the limited KPI interfaces is
illegitimate? That sounds naive. It's not their fault if you have
crippled the FreeBSD kernel API. I'm not saying you don't have any
legit reasons to do so, but it's a fact that you've done it.
Regarding protections to prevent things like memory patching, et al;
honestly, the result will be a more crippled set of kernel interfaces
and no true feasible or practical improvements. Once your code runs in
privileged mode there's simply no way to prevent anything. The only
limitation is the skillset and level of complexity required to
implement the new countermeasures.
Hence why I said all those measures are effectively useless in
practice. Unless you have a hardware-based mechanism (which can be
assured to be tamper-proof as well, think of a sealed TPM module or
the like) validating privileged code changes or firmware, there's no way
you can prevent 'unofficial' modifications. Then again, this could be
illegal to implement and will be broken as soon as someone has the
time, effort and skillset to put on breaking it.
--
- John Denkar
Darwin-kernel mailing list (email@hidden)