Re: Misc Fixes

Philip Blundell (
Sat, 13 Jul 1996 14:44:16 +0100 (BST)

On Fri, 12 Jul 1996, Steffen Grunewald wrote:

> |> It doesnt help. The malicious module does
> |>
> |> unsigned long **ptr=(unsigned long **)&get_securelevel;
> |> unsigned long *securelevelptr=ptr[SOME_CONSTANT];
> |> *securelevelptr=0;
> So we have to implement some `immutable memory' mechanism. once the
> securelevel is set, it has to be (and the whole page) turned to readonly.
> What a waste of valuable memory ! (I hear people complain about kernel
> bloat once again :-)

No. As Alan said, we just have to disallow module loads. If you start
allowing untrusted code to be inserted into the kernel, you can abandon
all pretence at security.

Because modules run with kernel privilege, there's nothing you can do to
keep them in check. If you set the page to be readonly, the rogue module
can just set it back again.