Thread: [Announce] Enhanced BusyBox package
View Single Post
iDont is offline iDont
2012-10-19 , 12:03
Posts: 268 | Thanked: 1,053 times | Joined on May 2010 @ The Netherlands
#315
Originally Posted by Hurrian View Post
I would definitely wonder how exactly you'd check for that using the regular Aegis tools, as with the neutered Aegis ("Yes, we passed all checks, sire!") kernel, it does what it says on the lid - not return an -EPERM.
The only way I can think of to reliably determine aegis' true enforcement status, is by actually testing it. We only need to get an executable file under aegis' protection, backup & modify it, and test whether it can still be executed. This executable file could be a simple shell script that calls "exit 0".
The executable file and code to "test it" (and restore it afterwards) could be included in busybox-power's packaging or a separate "aegis-test-enforcement" package (which could be reused by other packages).

Unfortunately, this is by all means not a proper solution to the problem. And besides that, it only tests one aspect of aegis' security options.

Originally Posted by Hurrian View Post
Perhaps check uname for the build date? IIRC there is no versioning method published for these kernels, especially that they're not flashable on-device like the N900.
This crossed my mind as well. The build date doesn't say anything about aegis being neutered or not however.
And including a list of known patched Open Mode kernels doesn't really sound sustainable as well :-/.

Originally Posted by Hurrian View Post
I suggest that new aftermarket kernels leave a sysfs entry (/sys/kernel/security/validator/neutered, perhaps?) to let developers know which kind of device they're working with. Especially when it's an unknown ratio of Inception:Openmode users.
This would most definitely be a good solution. We need to be able to reliably differentiate patched Open Mode kernels from regular kernels missing Nokia's signature, and the (lack of) presence of a sysfs entry could do this job.
Last edited by iDont; 2012-10-19 at 12:06.
 

The Following 2 Users Say Thank You to iDont For This Useful Post: