[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rep:Re: Rep:Re: Rep:Re: [f-cpu] TLB resume

To: f-cpu@seul.org
Subject: Re: Rep:Re: Rep:Re: Rep:Re: [f-cpu] TLB resume
From: Michael Riepe <michael@stud.uni-hannover.de>
Date: Fri, 9 Aug 2002 15:42:14 +0200
Delivered-To: archiver@seul.org
Delivered-To: f-cpu-outgoing@seul.org
Delivered-To: f-cpu@seul.org
Delivery-Date: Fri, 09 Aug 2002 12:15:44 -0400
In-Reply-To: <200208090826.32f8@th00.opsion.fr>; from Nicolas Boulay on Fri, Aug 09, 2002 at 08:26:50AM +0000
References: <200208090826.32f8@th00.opsion.fr>
Reply-To: f-cpu@seul.org
Sender: owner-f-cpu@seul.org

On Fri, Aug 09, 2002 at 08:26:50AM +0000, Nicolas Boulay wrote:
[...]
> >>> Kernel does not have it's own ASI. It is in the memory space in
> every process. 

That depends on the OS.

> Note that it may be possible to use a single set of access bits - if
> they are valid for both user and supervisor mode (I'll have to think
> that over). 
> 
> >>> there is always the same conceptual probleme : the kernel decide the
> right to put in the tlb. It's one of it's role. Usually kernel is always
> trusted.

And exactly that is the problem.

> But `supervisor mode is allowed to access everything' is a
> BIG mistake.
> 
> >>> Maybe. x86 is a big shit in this topic, but i have never heard about
> tricks to compromise the kernel that way. Kernel hacker meet at lsm does
> not speak about that (grsecurity patch maintainer (who mainly try to
> simulate a true none executing bit in x86), VM designer of the hurd).
> Maybe you discover a new concept of cracking. But i think it's really
> easy to verify the pointer given by the user process.

Depends on the OS, again.

> >>>Because the kernel is trusted, i can't imagine that you could
> compromise it's security by a call to it's own API. Because kernel could
> change the right in the tlb it could access what ever he want. If you
> want to make things like chmod (that could unallowed to access a file
> but a run of chmod could change that), how could the kernel be run
> without virtual adress. I think that should be done during task switch
> (christophe ?).

*Because* the kernel ist trusted, it is one of the main targets for
attacks. If you manage to hack the kernel, you can do everything
(compare root kits and `trojan' kernel modules). Therefore, the kernel
needs *more* protection than a (user) process with root privileges,
not less.

-- 
 Michael "Tired" Riepe <Michael.Riepe@stud.uni-hannover.de>
 "All I wanna do is have a little fun before I die"
*************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe f-cpu       in the body. http://f-cpu.seul.org/

Follow-Ups:
- Re: Rep:Re: Rep:Re: Rep:Re: [f-cpu] TLB resume
  - From: Ben Franchuk <bfranchuk@jetnet.ab.ca>
- Re: Rep:Re: Rep:Re: Rep:Re: [f-cpu] TLB resume
  - From: nico <nicolas.boulay@ifrance.com>

References:
- Rep:Re: Rep:Re: Rep:Re: [f-cpu] TLB resume
  - From: "Nicolas Boulay" <nicolas.boulay@ifrance.com>

Prev by Date: Rep:Re: Rep:Re: Rep:Re: [f-cpu] TLB resume
Next by Date: Re: Rep:Re: Rep:Re: [f-cpu] TLB resume
Prev by thread: Rep:Re: Rep:Re: Rep:Re: [f-cpu] TLB resume
Next by thread: Re: Rep:Re: Rep:Re: Rep:Re: [f-cpu] TLB resume
Index(es):
- Date
- Thread