Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

From: Alexander Viro (viro@math.psu.edu)
Date: Wed Jan 03 2001 - 17:31:30 EST


On Wed, 3 Jan 2001, Dan Hollis wrote:

> On Wed, 3 Jan 2001, Alexander Viro wrote:
> > On Wed, 3 Jan 2001, Dan Aloni wrote:
> > > without breaking anything. It also reports of such calls by using printk.
> > Get real.
>
> Why do you always have to be insulting alex? Sheesh.

Sigh... Not intended to be an insult. Plain and simple advice. Idea is
broken for absolutely obvious reasons (namely, every real-life program
contains at least one syscall that it _can_ execute). Expecting _any_
part of userland to be rewritten into the form that would not have
such places (i.e. all IO is done by trusted processes that poll
memory areas shared with the programs needing said IO, exit is done
either by explicit kill() from another process or by dumping core, signals
are done by putting request into shared area and letting a trusted process
do the thing, etc.) warrants such suggestion, doesn't it? If somebody
seriously believes that it can be done (and that's the only way how this
patch could give any protection)... Well, scratch "get real", I've got a
nice bridge for sale.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Jan 07 2001 - 21:00:16 EST