Re: mmap_min_addr and your local LSM (ok, just SELinux)

From: Kees Cook
Date: Tue Jul 28 2009 - 12:07:40 EST


On Tue, Jul 28, 2009 at 11:21:29AM +0200, Andi Kleen wrote:
> Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> writes:
>
> > A dumb question perhaps, but while addling my brain over the tty layer I
> > was wondering if for the specific case of jump through NULL (which seems
> > to be the most common but by no means only problem case that gets
> > exploited) is there any reason we can't set a default breakpoint for
>
> You mean a hardware breakpoint? Hardware break points are a precious
> scarce resource. The people who rely on them would be likely
> unhappy if you take one away from them.

Could the page table flags be used to mask this region? i.e. force
PROT_NONE (with the "desired" flags stored elsewhere) and in the segv
handler check if it is kernel or user space, and then fix up the flags and
continue if it's userspace? (I really don't know the internals on this,
but it would need to restore PROT_NONE on task-switch or something...)

-Kees

--
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
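The trap-and-fix-up idea sketched above, as a user-space analogue added here for illustration (not code from the thread or from the kernel): a page is mapped PROT_NONE with its desired flags kept elsewhere, and the SIGSEGV handler stands in for the kernel's fault check, restoring the flags and letting the access retry. The kernel-vs-user distinction and the restore on task switch have no user-space equivalent and are left out; the page, handler and counter are constructed demo state.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* The guarded page stays PROT_NONE; the flags it "really" wants are kept
 * elsewhere, as the proposal suggests. (Constructed demo state.) */
static volatile char *guarded_page;
static size_t page_size;
static const int desired_prot = PROT_READ | PROT_WRITE;
static volatile sig_atomic_t fixups;

/* Analogue of the kernel-side check: a fault inside the guarded page is an
 * allowed access, so restore the desired flags and let the faulting
 * instruction re-execute. Any other SIGSEGV is a real crash: fall back to
 * the default action so it is not silently swallowed. */
static void segv_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)ctx;
    uintptr_t fault = (uintptr_t)si->si_addr;
    uintptr_t base = (uintptr_t)guarded_page;
    if (fault >= base && fault < base + page_size) {
        mprotect((void *)base, page_size, desired_prot);
        fixups++;
        return;
    }
    signal(sig, SIG_DFL);
    raise(sig);
}

/* Map a PROT_NONE page, install the handler, touch the page twice and
 * return how many fix-ups ran: 1 on success, because the second access
 * already finds the restored flags. Returns a negative value on failure. */
int demo_trap_and_fixup(void)
{
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    guarded_page = mmap(NULL, page_size, PROT_NONE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guarded_page == MAP_FAILED)
        return -1;
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSEGV, &sa, NULL) != 0)
        return -1;
    guarded_page[0] = 'x'; /* faults once; handler fixes up, store retries */
    guarded_page[1] = 'y'; /* no fault: flags already restored */
    return (guarded_page[0] == 'x' && guarded_page[1] == 'y') ? (int)fixups : -2;
}
```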