Yes, it's true that you could misuse phys_addr(2) this way. On the
other hand your attack relies on mlock(2) privileges in the first
place. This option is not available to non-root processes. If I want
to bring a machine to its knees, and I have root access, I'm not going
to bother with fragmenting memory. I'll just run halt(8)!
So far all the "security problems" I've seen raised about phys_addr(2)
are in fact just problems with existing facilities being abused. The
phys_addr(2) syscall confers no extra benefits/privileges other than
convenience.
> This simple version could be easily defeated with ulimit, but is it
> possible a more sophisticated version wouldn't be?
Show me a way of abusing phys_addr(2) which doesn't rely on root
privileges and can't be done without phys_addr(2) (note that I can
write an unprivileged programme which will punish your machine with
resorting to phys_addr(2) at all).
Please, everyone. I'm convinced that phys_addr(2) "abuse" is a
non-issue. Show me *how* phys_addr(2) can lead to attacks that you
otherwise couldn't do.
Regards,
Richard....
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html