lkrg-org / lkrg

Linux Kernel Runtime Guard
https://lkrg.org

VirtualBox host software compatibility #82

Open adrelanos opened 3 years ago

adrelanos commented 3 years ago

Could you please consider either,

A) introducing a loader which sets the required lkrg module parameters to be compatible with the VirtualBox host software

Example loader: https://github.com/Whonix/lkrg/blob/old-master/debian/lkrg-loader

OR,

B) a more sophisticated solution

Quote @solardiz https://github.com/openwall/lkrg/pull/68#issuecomment-823252264

> Is there a (strong) technical reason to have this inside LKRG itself and not in a loader script?
>
> Another reason is what condition we check. Right now, Whonix' loader script checks whether VirtualBox is installed, not whether it's in use. This makes sense if the check is only done proactively and only once. LKRG itself could instead check for VirtualBox host's module being inserted into the kernel, so it'd only weaken LKRG protection if and when this happens. Optionally, it could also revert the weakening when the module is removed from the kernel.


```bash
if command -v vboxmanage &>/dev/null ; then
   ## https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477/32
   ## https://www.openwall.com/lists/lkrg-users/2020/01/24/2
   ## https://www.openwall.com/lists/lkrg-users/2020/01/25/2
   lkrg_opts="msr_validate=0 pcfi_validate=1 $lkrg_opts"
elif command -v kvm &>/dev/null ; then
   ## Adam:
   ## For other hypervisors like KVM/qemu you can keep pcfi_validate=2 and only set
   ## msr_validate=0 (These hypervisors don't do such nasty calls like VirtualBox).
   lkrg_opts="msr_validate=0 $lkrg_opts"
   ## check if there is any binary in /usr/bin matching 'qemu*'
elif dpkg-query --show "qemu-system" &>/dev/null ; then
   lkrg_opts="msr_validate=0 $lkrg_opts"
fi
```

adrelanos commented 3 years ago

`msr_validate=0` / `lkrg.msr_validate = 0` is already the default. Therefore no more special code for KVM is required.

For the VirtualBox host software the only settings required are

* `lkrg.pcfi_validate=1`

* `lkrg.profile_validate=2`

according to `/etc/sysctl.d/30-lkrg-dkms.conf`.

solardiz commented 3 years ago

> For the VirtualBox host software the only settings required are
>
> * `lkrg.pcfi_validate=1`
>
> * `lkrg.profile_validate=2`

One of these settings is required for VirtualBox host, not both. You should use either custom configuration or profiles. No reason to first customize the configuration and then override that with a preset profile.

solardiz commented 3 years ago

> One of these settings is required for VirtualBox host, not both.

Specifically, if you want to make the minimal change required for VirtualBox host, use only lkrg.pcfi_validate=1. Setting the entire profile weakens LKRG a bit more than is absolutely required for VirtualBox host.

Adam-pi3 commented 2 years ago

@adrelanos @solardiz should we close this issue?

adrelanos commented 2 years ago

Well, since I opened this issue I am biased to wish this to be implemented. :)

How come? https://github.com/adrelanos/security-misc/commit/7e128636b3a4ea7fe5dfa12018685ab7b5dda706 is a hack. It works for Kicksecure / Whonix users, who have security-misc installed by default, but not for LKRG by itself, which would still be incompatible with the VirtualBox host software.

As per https://github.com/lkrg-org/lkrg/issues/82#issuecomment-886188999 LKRG would have to set `lkrg.pcfi_validate=1` for VirtualBox host software compatibility.

solardiz commented 2 years ago

> @adrelanos @solardiz should we close this issue?

I think no, ideally we'd implement automatic detection of VirtualBox and adjust LKRG's default lkrg.pcfi_validate accordingly.
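
A userspace sketch of the check discussed in this thread, added here as an example and not taken from LKRG, Whonix or any participant: it keys `lkrg.pcfi_validate` on whether the VirtualBox host module is loaded right now, rather than on whether VirtualBox is installed. The module name `vboxdrv`, the function names and the `DRY_RUN` switch are assumptions of this example; the values 1 and 2 are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: loader-side sketch, not LKRG or Whonix code.
# Pick lkrg.pcfi_validate from the modules that are loaded now,
# not from the packages that happen to be installed.

# Assumption: vboxdrv is the VirtualBox host kernel module.
VBOX_HOST_MODULE="vboxdrv"

# module_loaded NAME [FILE]
# FILE is in /proc/modules format (module name is the first field).
# Exact field match, so a name that merely contains NAME does not count.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}"
}

# pcfi_value_for [FILE]
# Prints 1 (the minimal change the thread names for VirtualBox host)
# when the module is loaded, otherwise 2 (the value the loader comment
# says can be kept for other hypervisors).
pcfi_value_for() {
    if module_loaded "$VBOX_HOST_MODULE" "${1:-/proc/modules}"; then
        echo 1
    else
        echo 2
    fi
}

# apply_pcfi [FILE]
# Writes the sysctl only when the running value differs.
# DRY_RUN=1 prints the command instead of executing it.
apply_pcfi() {
    want=$(pcfi_value_for "$1")
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "sysctl -w lkrg.pcfi_validate=$want"
        return 0
    fi
    # Fails here when LKRG is not loaded and the sysctl does not exist.
    cur=$(sysctl -n lkrg.pcfi_validate 2>/dev/null) || return 1
    [ "$cur" = "$want" ] || sysctl -w "lkrg.pcfi_validate=$want"
}

# Example call: DRY_RUN=1 apply_pcfi
```

Calling `apply_pcfi` again after the module has been unloaded writes the stricter value back, which is the revert behaviour mentioned in the quoted comment; the write itself needs root.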