Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

From: Alexander Viro (viro@math.psu.edu)
Date: Wed Jan 03 2001 - 17:49:17 EST


On Wed, 3 Jan 2001, Mark Zealey wrote:

> On Wed, 3 Jan 2001, Alexander Viro wrote:
>
> >
> >
> > On Wed, 3 Jan 2001, Dan Hollis wrote:
> >
> > > On Wed, 3 Jan 2001, Alexander Viro wrote:
> > > > On Wed, 3 Jan 2001, Dan Aloni wrote:
> > > > > without breaking anything. It also reports of such calls by using printk.
> > > > Get real.
> > >
> > > Why do you always have to be insulting alex? Sheesh.
> >
> > Sigh... Not intended to be an insult. Plain and simple advice. Idea is
> > broken for absolutely obvious reasons (namely, every real-life program
>
> This doesnt stop syscalls, only syscalls from writable areas.

And? Syscall is a couple of bytes. 0xcd and 0x80. Find one in non-writable
area, put whatever you want into registers and jump to the address where
these two bytes sit. Voila. If all such places are in writable areas -
there you go, the process you've attacked could not perform any
system calls itself.

Come on, folks, you can't be serious - think for a couple of minutes and
you'll come up with a trivial way to work around such protection. In a
dozen bytes or so.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Jan 07 2001 - 21:00:16 EST