Re: [patch] Add basic sanity checks to the syscall execution patch
From: Benjamin Herrenschmidt
Date: Fri Sep 05 2008 - 06:14:53 EST
On Fri, 2008-09-05 at 11:43 +0200, pageexec@xxxxxxxxxxx wrote:
> > I'd have considered taking your email serious if you had left out the
> > uncalled and unneeded sarcasm line at the end.
>
> consider how your whole patch is based on one big self-contradiction.
> you already assume that the attacker *can* modify arbitrary kernel memory
> (even the otherwise *read-only* syscall table at that), but at the very
> same time you're saying he *can't* use the same powers to patch out your
> 'protection' or do many other things to evade it. as it is, it's cargo cult
> security at its best, reminding one on the Vista kernel's similar 'protection'
> mechanism for the service descriptor tables...
Well, I see it a different way ... it will once for all screw up
binary modules that try to add syscalls :-)
Ben.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/