Re: using segmentation in the kernel

From: Al Viro
Date: Tue Oct 11 2005 - 16:12:40 EST

Next message: Mark Knecht: "Re: 2.6.14-rc4-rt1"
Previous message: Robert Crocombe: "Re: PS/2 Keyboard under 2.6.x"
In reply to: Alon Bar-Lev: "Re: using segmentation in the kernel"
Next in thread: Brian Gerst: "Re: using segmentation in the kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 11, 2005 at 10:24:46PM +0200, Alon Bar-Lev wrote:
> Brian Gerst wrote:
> >Jonathan M. McCune wrote:
> >
> >>Hello,
> >>
> >Why send the kernel back to the 2.0 days? There is no valid reason for
> >doing this with they way x86 segmentation works, which is why it was
> >done away with in 2.1.
> >
>
> But with segmentation you can set code to be read-only,
> disallow execution from stack, separate modules so that they
> will not affect kernel and more...

You do realize that it's a BS, don't you?

* attacker that would rewrite kernel code can switch a pointer to method in
any of the method tables (or pointer to the entire method table, while we are
at it).
* overwriting return address is trivial if you got stack smashing and there
is a plenty of interesting functions in the kernel ready to elevate priveleges
* modules rely on practically complete access to kernel data structures, so
no amount of playing with rings will change anything for them.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mark Knecht: "Re: 2.6.14-rc4-rt1"
Previous message: Robert Crocombe: "Re: PS/2 Keyboard under 2.6.x"
In reply to: Alon Bar-Lev: "Re: using segmentation in the kernel"
Next in thread: Brian Gerst: "Re: using segmentation in the kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]