Re: [PATCH] x86: prevent binaries from making system calls using the wrong syscall interface

From: Jeremy Fitzhardinge
Date: Fri Aug 08 2008 - 02:30:10 EST


Michael Davidson wrote:
> Prevent binaries from making system calls using other than one
> of the "normal" system call interfaces for that binary type.
>
> Currently there is nothing to prevent 64 bit binaries from
> attempting to make system calls using the 32 bit system call
> interfaces and vice versa.

No. While I'm not sure it's been used, it would definitely be useful to be able to invoke 32-bit int 0x80 syscalls in a 64-bit process for something like Valgrind.

Issuing 64-bit syscalls from a 32-bit process would be... interesting.

> Since the 32 bit and 64 bit system call numbers are different
> this means that a binary could attempt to obfuscate which system
> calls it was actually making by using the "wrong" system call
> interface. In particular, the call to audit_syscall_entry()
> relies on checking the TIF_IA32 flag to determine whether it is
> dealing with a 32 or 64 bit system call without regard to the
> actual type of system call that was made.

Or just have separate 32-compat vs 64 bit audit paths which can clearly make the distinction.

J
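The audit ambiguity discussed in this message, as an added example that is not part of the original e-mail or of the kernel source: a user-space model that decodes the same syscall number once by the per-task flag and once by the entry path taken. The struct, enum and function names are hypothetical and the events are constructed; the syscall numbers are the real i386 and x86_64 values.

```c
#include <stdio.h>
#include <string.h>

/* Simplified user-space model, not kernel code. Numbers are the real
 * i386 and x86_64 syscall numbers; the events in main() are constructed. */
enum abi   { ABI_I386, ABI_X86_64 };
enum entry { ENTRY_INT80, ENTRY_SYSCALL64 };
struct sc    { int nr; const char *name; };
struct event { int tif_ia32; enum entry entry; int nr; };

static const struct sc i386_tbl[] = {
    {1, "exit"}, {3, "read"}, {4, "write"}, {5, "open"}, {6, "close"}, {11, "execve"} };
static const struct sc x64_tbl[] = {
    {0, "read"}, {1, "write"}, {2, "open"}, {3, "close"}, {11, "munmap"}, {59, "execve"} };

static const char *sc_name(enum abi abi, int nr)
{
    const struct sc *t = abi == ABI_I386 ? i386_tbl : x64_tbl;
    size_t n = abi == ABI_I386 ? sizeof i386_tbl / sizeof *t : sizeof x64_tbl / sizeof *t;
    for (size_t i = 0; i < n; i++)
        if (t[i].nr == nr)
            return t[i].name;
    return "unknown";
}

/* Table chosen from the per-task flag, as the quoted description says
 * audit_syscall_entry() does via TIF_IA32. */
const char *logged_by_flag(const struct event *ev)
{
    return sc_name(ev->tif_ia32 ? ABI_I386 : ABI_X86_64, ev->nr);
}

/* Table chosen from the entry path actually taken (the "separate audit
 * paths" idea in the reply). */
const char *logged_by_entry(const struct event *ev)
{
    return sc_name(ev->entry == ENTRY_INT80 ? ABI_I386 : ABI_X86_64, ev->nr);
}

int main(void)
{
    struct event evs[] = { {0, ENTRY_INT80, 11}, {0, ENTRY_SYSCALL64, 59}, {1, ENTRY_INT80, 11} };
    for (size_t i = 0; i < sizeof evs / sizeof *evs; i++)
        printf("nr=%d by-flag=%s by-entry=%s\n", evs[i].nr,
               logged_by_flag(&evs[i]), logged_by_entry(&evs[i]));
    return 0;
}
```

Only the first event, a 64-bit task entering through int 0x80, decodes differently under the two schemes: the flag-based record names munmap while the entry-based record names execve.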