Re: [patch] Add basic sanity checks to the syscall execution patch

From: Arjan van de Ven
Date: Fri Sep 05 2008 - 12:06:18 EST

Next message: David Woodhouse: "[GIT *] Fixes for 2.6.27"
Previous message: Ingo Molnar: "Re: [patch 1/2] x2apic: fix reserved APIC register accesses inprint_local_APIC()"
In reply to: Pavel Machek: "Re: [patch] Add basic sanity checks to the syscall execution patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 05 Sep 2008 11:43:31 +0200
pageexec@xxxxxxxxxxx wrote:

> consider how your whole patch is based on one big self-contradiction.
> you already assume that the attacker *can* modify arbitrary kernel
> memory (even the otherwise *read-only* syscall table at that), but at
> the very same time you're saying he *can't* use the same powers to
> patch out your 'protection' or do many other things to evade it. as
> it is, it's cargo cult security at its best, reminding one on the
> Vista kernel's similar 'protection' mechanism for the service
> descriptor tables...

so I'm not going to say that the patch is important or good;
it's the result of ben mentioning the idea on irc and me thinking "sure
lets see what it would take and cost".
Nothing more than that

--
If you want to reach me at my work email, use arjan@xxxxxxxxxxxxxxx
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Woodhouse: "[GIT *] Fixes for 2.6.27"
Previous message: Ingo Molnar: "Re: [patch 1/2] x2apic: fix reserved APIC register accesses inprint_local_APIC()"
In reply to: Pavel Machek: "Re: [patch] Add basic sanity checks to the syscall execution patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]