Re: [patch 0/6] lightweight robust futexes: -V3

From: Paul Jackson
Date: Thu Feb 16 2006 - 15:46:35 EST

Next message: Daniel Walker: "Re: [patch 0/6] lightweight robust futexes: -V3"
Previous message: Nathan Scott: "Re: oops, 2.6.15.4 + qla1280+md+xfs+quota (fwd)"
In reply to: Ingo Molnar: "Re: [patch 0/6] lightweight robust futexes: -V3"
Next in thread: Ingo Molnar: "Re: [patch 0/6] lightweight robust futexes: -V3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Daniel wrote:
> "on the surface" you could manipulate the futex_offset to
> access memory unrelated to the futex structure .

If a piece of malicious code has wormed its way far enough into my
application to be manipulating this list, then I don't think that code
will gain any further advantage by manpulating this list. I think my
application is already powned.

That malicious code would have no need to have the kernel futext handling
code do its dirty work indirectly via manipulations of this list. It can
just do the dirty work directly.

All Ingo needs to insure is that the kernel will assume no more
priviledge when reading/writing this list than the current task had,
from user space, reading/writing this list.

--
I won't rest till it's the best ...
Programmer, Linux Scalability
Paul Jackson <pj@xxxxxxx> 1.925.600.0401
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Walker: "Re: [patch 0/6] lightweight robust futexes: -V3"
Previous message: Nathan Scott: "Re: oops, 2.6.15.4 + qla1280+md+xfs+quota (fwd)"
In reply to: Ingo Molnar: "Re: [patch 0/6] lightweight robust futexes: -V3"
Next in thread: Ingo Molnar: "Re: [patch 0/6] lightweight robust futexes: -V3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]