[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [f-cpu] TLB right
Todays, linux use 1 big page for kernel, so there isn't any page miss
inside the kernel code. That's speed up things ! If you use many pages
to protect things, you could lose speed.
Maybe, this could be used to create modules with superuser privileges.
It could be interresting to protect kernel from a bad written driver.
Usualy it is done by using user space. But you don't prevent anything if
the driver touch the tlb stuff.
I beleive it's none sense because superuser code could always change tlb
entries. And to avoid sending a kernel space adresse to a user call, you
only have to check the pointer MSB bit...
nicO
cedric a écrit :
>
> Hi,
>
> I am back from vacation and I read some thing coming from scary movie. We
> must use 3 bits for right and that was an absolute requirement from the guy
> that work on the grsecurity patch. Never remove it, without them we will have
> some security problem.
> The use of a special instruction to know if the pointer is a part of the
> kernel or not, mean that we need to change all the kernel exported function
> to verify in software if all the pointer are ok or not. So if we port an OS,
> we need to do a lot of change, and we can forget some of them (like the last
> local bug in OpenBSD).
> To conclude, I am for super user security bits and we need 3 "real" bits for
> security.
>
> Cedric
>
> *************************************************************
> To unsubscribe, send an e-mail to majordomo@seul.org with
> unsubscribe f-cpu in the body. http://f-cpu.seul.org/
*************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe f-cpu in the body. http://f-cpu.seul.org/