
Re: [Xen-devel] memory introspection


  • To: xen-devel@xxxxxxxxxxxxx
  • From: Mihai Donțu <mihai.dontu@xxxxxxxxx>
  • Date: Tue, 12 Jun 2012 18:13:09 +0300
  • Delivery-date: Tue, 12 Jun 2012 15:13:24 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, 12 Jun 2012 18:09:30 +0400 George Shuklin wrote:
> I think creating a hypervisor-level GPL component with some kind of API
> and using it by proprietary dom0-level utility is a fine solution.
> Especially, if you make it somehow usable for all other world by
> defining good API.
> 

Let me offer some more details to make sure the image of what I'm doing
is as clear as possible: the technology which focuses on rootkit
detection by monitoring registers and memory accesses is encapsulated
into a PE shared library (DLL). It's designed to be used with multiple
hypervisors. This is the closed source blob. Because of its licensing
and binary format it cannot be linked directly into Xen, so it needs
to be "injected" (as if it were a module). So what I'm planning to do
is:

    1. add a component which provides a generic API that can be used by
       memory introspection technologies;
    2. add a custom component which knows how to link in our
       introspection engine (load a PE, resolve relocations etc.)

They will both be licensed under GPL. The second one, however, will not
be too useful to a lot of people. It doesn't really fit in Xen as it
is; it would if Xen had support for modules (so people can opt it out).
I can probably pre-patch the PE and produce an image which can be
loaded at a fixed address too ...

Now, from dom0 a user space tool would talk with the #2 component and
inject the introspection engine into the HV. This is where the legal
situation arises: when the whole thing starts functioning, there will
effectively be a non-free piece of code talking with a GPL one _within
the hypervisor_ (not hv <> dom0). How frowned upon is that? :-)

Ummm, as I'm writing this I get all kinds of ideas: I could probably
convert the PE to ELF and add primitive module loading support to Xen.
The module itself, however, will not be GPL.

-- 
Mihai Donțu

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

