lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Aug 2007 00:48:35 +0200 From: Andi Kleen <andi@...stfloor.org> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: Andi Kleen <andi@...stfloor.org>, Hajime Inoue <hinoue@...l.carleton.ca>, linux-kernel@...r.kernel.org Subject: Re: System call interposition/unprotecting the table > Then you fix the specific case and the game continues. If they intercept netdev->hard_start_xmit there is nothing to fix. Or inode->i_ops or any other virtual method pointer that is called often.. Putting i_ops into const memory doesn't help either -- they can just copy them and use their own and replace the pointer in any accessed inode. It's also not that doing this is rocket science. Anybody barely skilled in computer architecture should be able to figure this out. Ok the only thing that could help is IA64/PPC64 style smart pointer checking that could prevent foreign code from being executed, but you won't get that on x86 or most other architectures any time soon. And that would also only work if you disable module loading or implement a likely impractical/incompatible with free software code signing scheme (and Vista has just shown that these don't work anyways) > > In general the .data protection is only considered a debugging > > feature. I don't know why Fedora enables it in their production > > kernels. > > That would be because we think you are wrong 8) Well, it might at best buy you a few weeks/months in terms of the exploit arms race, but thrash your user's TLBs forever. -Andi - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists