Re: using segmentation in the kernel

From: Al Viro
Date: Tue Oct 11 2005 - 16:12:40 EST

On Tue, Oct 11, 2005 at 10:24:46PM +0200, Alon Bar-Lev wrote:
> Brian Gerst wrote:
> >Jonathan M. McCune wrote:
> >
> >>Hello,
> >>
> >Why send the kernel back to the 2.0 days? There is no valid reason for
> >doing this with they way x86 segmentation works, which is why it was
> >done away with in 2.1.
> >
> But with segmentation you can set code to be read-only,
> disallow execution from stack, separate modules so that they
> will not affect kernel and more...

You do realize that it's a BS, don't you?

* attacker that would rewrite kernel code can switch a pointer to method in
any of the method tables (or pointer to the entire method table, while we are
at it).
* overwriting return address is trivial if you got stack smashing and there
is a plenty of interesting functions in the kernel ready to elevate priveleges
* modules rely on practically complete access to kernel data structures, so
no amount of playing with rings will change anything for them.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at