Re: [f-cpu] TLB right

[nico <nicolas.boulay@ifrance.com>]

Todays, linux use 1 big page for kernel, so there isn't any page miss
inside the kernel code. That's speed up things ! If you use many pages
to protect things, you could lose speed.

Maybe, this could be used to create modules with superuser privileges.
It could be interresting to protect kernel from a bad written driver.
Usualy it is done by using user space. But you don't prevent anything if
the driver touch the tlb stuff.

I beleive it's none sense because superuser code could always change tlb
entries. And to avoid sending a kernel space adresse to a user call, you
only have to check the pointer MSB bit...

nicO

cedric a écrit :
> 
> Hi,
> 
>         I am back from vacation and I read some thing coming from scary movie. We
> must use 3 bits for right and that was an absolute requirement from the guy
> that work on the grsecurity patch. Never remove it, without them we will have
> some security problem.
>         The use of a special instruction to know if the pointer is a part of the
> kernel or not, mean that we need to change all the kernel exported function
> to verify in software if all the pointer are ok or not. So if we port an OS,
> we need to do a lot of change, and we can forget some of them (like the last
> local bug in OpenBSD).
>         To conclude, I am for super user security bits and we need 3 "real" bits for
> security.
> 
> Cedric
> 
> *************************************************************
> To unsubscribe, send an e-mail to majordomo@seul.org with
> unsubscribe f-cpu       in the body. http://f-cpu.seul.org/
*************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe f-cpu       in the body. http://f-cpu.seul.org/