Re: [patch] Add basic sanity checks to the syscall execution patch

From: Benjamin Herrenschmidt
Date: Fri Sep 05 2008 - 06:14:53 EST

Next message: Ilya Yanok: "Re: [PATCH] ASYNC_TX: fix the bug in async_tx_run_dependencies"
Previous message: Bryan Wu: "[PATCH 1/1] ASoC codec: SSM2602 audio codec driver (v3)"
In reply to: pageexec: "Re: [patch] Add basic sanity checks to the syscall execution patch"
Next in thread: pageexec: "Re: [patch] Add basic sanity checks to the syscall execution patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2008-09-05 at 11:43 +0200, pageexec@xxxxxxxxxxx wrote:
> > I'd have considered taking your email serious if you had left out the
> > uncalled and unneeded sarcasm line at the end.
>
> consider how your whole patch is based on one big self-contradiction.
> you already assume that the attacker *can* modify arbitrary kernel memory
> (even the otherwise *read-only* syscall table at that), but at the very
> same time you're saying he *can't* use the same powers to patch out your
> 'protection' or do many other things to evade it. as it is, it's cargo cult
> security at its best, reminding one on the Vista kernel's similar 'protection'
> mechanism for the service descriptor tables...

Well, I see it a different way ... it will once for all screw up
binary modules that try to add syscalls :-)

Ben.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ilya Yanok: "Re: [PATCH] ASYNC_TX: fix the bug in async_tx_run_dependencies"
Previous message: Bryan Wu: "[PATCH 1/1] ASoC codec: SSM2602 audio codec driver (v3)"
In reply to: pageexec: "Re: [patch] Add basic sanity checks to the syscall execution patch"
Next in thread: pageexec: "Re: [patch] Add basic sanity checks to the syscall execution patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]