Re: [PATCH] paravirt.h
From: Zachary Amsden
Date: Tue Aug 22 2006 - 13:33:53 EST
Andi Kleen wrote:
On Tuesday 22 August 2006 16:25, Adrian Bunk wrote:
On Tue, Aug 22, 2006 at 03:50:57PM +0200, Andi Kleen wrote:
What's the alternative?
this would need a "const after boot" section; which is really not hardexcept for anything that needs tlb entries in user space. And it only gives you
to make and probably useful for a lot more things.... todo++
false sense of security. --todo
The alternative is to not protect it, since protecting it doesn't
offer any significant additional security over not protecting it.
Didn't someone point out yet that if you are vulnerable to someone
loading a kernel module of their choosing, you lose, plain and simple?
You don't need paravirt-ops to implement a rootkit, and it doesn't make
it any easier, and write protecting it is totally useless. How do you
think VMware runs on Linux? It takes over the hardware entirely, loads
a hypervisor, and starts running in a completely different world. And
it doesn't even need to use a single _GPL'd export to do that.
Write protection is great as a debug option to find accidental memory
corruptions. It is useless as a technique to prevent subversion. Um
hello, you're already at CPL-0. Just rewrite the page tables already.
Change it from a struct to a compile time choice?
One of the design goals of paravirt-ops was to allow single binaries
that run on both native hardware and on hypervisors. So that would
be a non starter.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/