• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Integrity checks for Mac kernel extensions
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Integrity checks for Mac kernel extensions

  • Subject: Re: Integrity checks for Mac kernel extensions
  • From: Evan Lojewski <email@hidden>
  • Date: Fri, 24 Aug 2012 13:17:40 -0600
Heh, autocorrect is useful... That should say prelinked kernel and not
prelim led,

Evan

On Aug 24, 2012, at 1:16 PM, Evan Lojewski <email@hidden> wrote:

> I think a good question to ask here is *why* you want to do an
> integrity check. Do you just want to make sure that the Kext hasn't
> been corrupted? Additionally, if the Kext is loading from a prelim led
> kernel or cache, the binary itself may get modified.
>
> Evan Lojewski
>
> On Aug 24, 2012, at 1:08 PM, Ken Hornstein <email@hidden> wrote:
>
>>> You seem to be drawing conclusions based on writing a BSD filesystem
>>> kext (?) which is not the general case, and certainly has a different
>>> operating environment than 99% of kexts (which are IOKit kexts,
>>> match asynchronously with respect to the root filesystem and each
>>> other, and cannot in general call into the BSD side of the kernel
>>> early in boot without panicking)
>>
>> Well, yeah, that's my experience, and I hope I've never presented myself
>> as the be-all expert when it comes to MacOS kernel extensions because
>> obviously I'm not.
>>
>> My original point was that you can definitely access filesystems
>> from kexts, but I was under the impression that kext loading was
>> handled exclusively by kextd and friends and obviously everything
>> will be up and running by that time.  As you've pointed out, that's
>> not a valid assumption; I learned something new today.
>>
>> It occurs to me that if your kext is loaded before the root filesystem is
>> mounted you could do somet goofy stuff like have a thread wait around until
>> it is available, but that probably falls under "here be dragons".
>>
>> --Ken
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Darwin-kernel mailing list      (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Integrity checks for Mac kernel extensions
      • From: Arun <email@hidden>
References: 
 >Re: Integrity checks for Mac kernel extensions (From: Ken Hornstein <email@hidden>)
 >Re: Integrity checks for Mac kernel extensions (From: Evan Lojewski <email@hidden>)

  • Prev by Date: Re: Integrity checks for Mac kernel extensions
  • Next by Date: Re: Integrity checks for Mac kernel extensions
  • Previous by thread: Re: Integrity checks for Mac kernel extensions
  • Next by thread: Re: Integrity checks for Mac kernel extensions
  • Index(es):
    • Date
    • Thread