
[f-cpu] syscall



Of course, we can imagine using a jump to call supervisor code, like ARM does. That means the user code must provide the supervisor code start address, provided this one resides in a supervisor address space.  
 
Jump can have flags to indicate entering or leaving supervisor mode.
 
But such a thing supposes that user code is unable to turn a user address space area into a supervisor address space area.
 
Just take an example:
 
A user code allocates via "mmap" a writable user space. It writes executable code into it. It calls "mprotect" to change the access rights so the writable user space turns into an executable supervisor space. The user space just needs to use the "jmp" providing a start address in the executable supervisor space... the user code, through its Trojan horse, would now be able to spy on all the supervisor regions of the kernel.
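The scenario above, replayed against a small hypothetical page-attribute model; this is an added example, not F-CPU code, and the attribute bits, `page_set_attrs` and `jmp_enter_super` are assumptions made for illustration. It shows the check that makes the attack fail: the supervisor bit on a page is settable only from supervisor mode, and the flagged jump is honored only onto a non-writable, supervisor-executable page, so the kernel alone controls entry points.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical page-attribute model (added example, not F-CPU's design). */
enum { PG_READ = 1, PG_WRITE = 2, PG_EXEC = 4, PG_SUPER = 8 };
enum { MODE_USER = 0, MODE_SUPER = 1 };

typedef struct { uint8_t attrs; } page_t;

/* mprotect-like request: the caller's privilege decides which bits it may
   touch. PG_SUPER is owned by the kernel: user mode may neither set it nor
   rewrite the attributes of a page that already carries it. */
bool page_set_attrs(page_t *pg, uint8_t attrs, int caller_mode) {
    if (caller_mode == MODE_USER && ((attrs | pg->attrs) & PG_SUPER))
        return false;
    pg->attrs = attrs;
    return true;
}

/* jmp with the "enter supervisor" flag: honored only if the target page is
   supervisor-executable and not writable (W^X for the entry page). */
bool jmp_enter_super(const page_t *target, int caller_mode, int *new_mode) {
    bool ok = (target->attrs & (PG_EXEC | PG_SUPER)) == (PG_EXEC | PG_SUPER)
              && !(target->attrs & PG_WRITE);
    *new_mode = ok ? MODE_SUPER : caller_mode;
    return ok;
}

/* The post's scenario: user mmaps RW, writes code, asks mprotect for
   supervisor+exec, then jumps. Returns true if the escalation is blocked. */
bool scenario_blocked(void) {
    page_t pg = { PG_READ | PG_WRITE };          /* mmap: user RW page */
    bool mp = page_set_attrs(&pg, PG_READ | PG_EXEC | PG_SUPER, MODE_USER);
    int mode;
    bool entered = jmp_enter_super(&pg, MODE_USER, &mode);
    return !mp && !entered && mode == MODE_USER;
}

/* The legitimate path: the kernel installs the entry page itself, and the
   same flagged jump from user mode then succeeds. */
bool scenario_gate_works(void) {
    page_t gate = { 0 };
    bool mp = page_set_attrs(&gate, PG_READ | PG_EXEC | PG_SUPER, MODE_SUPER);
    int mode;
    bool entered = jmp_enter_super(&gate, MODE_USER, &mode);
    return mp && entered && mode == MODE_SUPER;
}

int main(void) {
    printf("trojan page blocked: %d\n", scenario_blocked());   /* 1 */
    printf("kernel gate works:   %d\n", scenario_gate_works()); /* 1 */
    return 0;
}
```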