lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <48C10EC5.24400.3008276@pageexec.freemail.hu>
Date:	Fri, 05 Sep 2008 12:49:41 +0200
From:	pageexec@...email.hu
To:	benh@...nel.crashing.org
CC:	Andi Kleen <andi@...stfloor.org>,
	Arjan van de Ven <arjan@...radead.org>,
	linux-kernel@...r.kernel.org, mingo@...e.hu, tglx@...x.de,
	hpa@...or.com
Subject: Re: [patch] Add basic sanity checks to the syscall execution patch

On 5 Sep 2008 at 20:14, Benjamin Herrenschmidt wrote:

> On Fri, 2008-09-05 at 11:43 +0200, pageexec@...email.hu wrote:
> > > I'd have considered taking your email serious if you had left out the
> > > uncalled and unneeded sarcasm line at the end.
> > 
> > consider how your whole patch is based on one big self-contradiction.
> > you already assume that the attacker *can* modify arbitrary kernel memory
> > (even the otherwise *read-only* syscall table at that), but at the very
> > same time you're saying he *can't* use the same powers to patch out your
> > 'protection' or do many other things to evade it. as it is, it's cargo cult
> > security at its best, reminding one on the Vista kernel's similar 'protection' 
> > mechanism for the service descriptor tables...
> 
> Well, I see it a different way ... it will once for all screw up
> binary modules that try to add syscalls :-)

and that'd be because at the same time they patch the syscall table (remember,
they already have to go to length to get around the read-only pages), they
can't also patch this 'protection'? sounds really plausible, right :).

[fixed hpa's address, .org bounces.]

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ