Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

From: Dan Aloni (karrde@callisto.yi.org)
Date: Wed Jan 03 2001 - 17:03:25 EST

On Wed, 3 Jan 2001, Alexander Viro wrote:

> > This preliminary, small patch prevents execution of system calls which
> > were executed from a writable segment. It was tested and seems to work,
> > without breaking anything. It also reports of such calls by using printk.
>
> Get real. Attacker can set whatever registers he needs and jump to one
> of the many instances of int 0x80 in libc. There goes your protection.

But unlike syscalls, offsets inside libc do change. Aren't they?
Programs don't have to use libc, they can be compiled as static. 

-- 
Dan Aloni 
dax@karrde.org

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Sun Jan 07 2001 - 21:00:16 EST