[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [f-cpu] TLB right

To: f-cpu@seul.org
Subject: Re: [f-cpu] TLB right
From: cedric <cedric.bail@free.fr>
Date: Fri, 16 Aug 2002 05:08:19 +0200
Delivered-To: archiver@seul.org
Delivered-To: f-cpu-outgoing@seul.org
Delivered-To: f-cpu@seul.org
Delivery-Date: Thu, 15 Aug 2002 16:39:07 -0400
In-Reply-To: <3D5BCDB0.54D70AD0@ifrance.com>
References: <200208140547.02827.cedric.bail@free.fr> <3D5BCDB0.54D70AD0@ifrance.com>
Reply-To: f-cpu@seul.org
Sender: owner-f-cpu@seul.org

> Todays, linux use 1 big page for kernel, so there isn't any page miss
> inside the kernel code. That's speed up things ! If you use many pages
> to protect things, you could lose speed.

The problem isn't with the kernel page (and we can still have a big page for 
the kernel). The problem is for user page, when you do a malloc you say that 
the kernel can't execute them, and your kernel will be protected from all 
attack that want to execute user code with kernel right and in hardware.

> Maybe, this could be used to create modules with superuser privileges.
> It could be interresting to protect kernel from a bad written driver.
> Usualy it is done by using user space. But you don't prevent anything if
> the driver touch the tlb stuff.

That's not the problem. You can't protect the kernel from itself, and a driver 
(in Linux) is a part of the kernel and not from the outside. We can probably 
do a protection in kernel with a special handler for SR write in kernel mode, 
but it's still an idea.

> I beleive it's none sense because superuser code could always change tlb
> entries. And to avoid sending a kernel space adresse to a user call, you

Not true, you can have a TLB handler on write that make an authentification of 
the code that want to write data into the TLB. With a SR write handler and a 
special TLB handler you can have a really securised kernel. 
	At least it will not cost a lot to do that, because the 2 handlers will only 
be called when they are not in IRQ/TRAP.

> only have to check the pointer MSB bit...

And only have to forgot some of them like in OpenBSD... the most secur OS

> > So if we port an OS,
> > we need to do a lot of change, and we can forget some of them (like the
> > last local bug in OpenBSD).
>
> Every kernel call should be check, so what ?

If in OpenBSD they have forgotten one, they can forget it in other OS, so more 
security you have better it is. And it's easy to write a TLB handler and a SR 
handler than to modify all the kernel call and not to forget any of them.

Cedric

*************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe f-cpu       in the body. http://f-cpu.seul.org/

References:
- [f-cpu] TLB right
  - From: cedric <cedric.bail@free.fr>
- Re: [f-cpu] TLB right
  - From: nico <nicolas.boulay@ifrance.com>

Prev by Date: Re: [f-cpu] TLB right
Next by Date: Re: [f-cpu] TLB right
Prev by thread: Re: [f-cpu] TLB right
Next by thread: Re: [f-cpu] TLB right
Index(es):
- Date
- Thread