[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [f-cpu] TLB right
cedric a écrit :
>
> Hi,
>
> I am back from vacation and I read some thing coming from scary movie. We
> must use 3 bits for right and that was an absolute requirement from the guy
> that work on the grsecurity patch. Never remove it, without them we will have
> some security problem.
> The use of a special instruction to know if the pointer is a part of the
> kernel or not, mean that we need to change all the kernel exported function
> to verify in software if all the pointer are ok or not.
That's how things are done today. In 32 bits adresse space, kernel are
in 4-2 Go. So you could put the mask 0x7FFFFFFF to every pointer. So if
it's a kernel adresse, it will point elsewhere and die or it could
verify the last bit of the pointer if it's 1 it kill the process.
> So if we port an OS,
> we need to do a lot of change, and we can forget some of them (like the last
> local bug in OpenBSD).
Every kernel call should be check, so what ?
nicO
> To conclude, I am for super user security bits and we need 3 "real" bits for
> security.
>
> Cedric
>
> *************************************************************
> To unsubscribe, send an e-mail to majordomo@seul.org with
> unsubscribe f-cpu in the body. http://f-cpu.seul.org/
*************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe f-cpu in the body. http://f-cpu.seul.org/