security patch

From: breno
Date: Thu Sep 22 2005 - 14:48:31 EST

Next message: Blaisorblade: "Re: PTRACE_SYSEMU numbering"
Previous message: Peter Staubach: "Re: [NFS] Re: [PATCH] repair nfsd/sunrpc in 2.6.14-rc2-mm1 (and other-mm versions)"
Next in thread: Valdis . Kletnieks: "Re: security patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi people,

I'm doing a new feature for linux kernel 2.6 to protect against all kinds of buffer
overflow. It works with new sys_control() system call controling if a process can or can't
call a system call ie. sys_execve();

You can do it using /bin/sys_control <pid> <enable or not system call> <eax of system
call> <secret number>
for process that never call for example sys_execve(), setuid() ( you must need specify
each eax for each system call) and use some functions in sys_control.h like lock_execve(n)
and unlock_execve(n), where n is a secret number defined in sysctl. With this functions
you will use system calls only when you need.
All shellcodes that use system calls like sys_execve() sys_setuid() will not work with
this feature.

I think it can be an option in linux kernel.

Questions .. suggestions.

Thanks

Breno at kalangolinux.org

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Blaisorblade: "Re: PTRACE_SYSEMU numbering"
Previous message: Peter Staubach: "Re: [NFS] Re: [PATCH] repair nfsd/sunrpc in 2.6.14-rc2-mm1 (and other-mm versions)"
Next in thread: Valdis . Kletnieks: "Re: security patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]