Re: Rep:Re: Rep:Re: [f-cpu] TLB right + resume

[Michael Riepe <michael@stud.uni-hannover.de>]

On Tue, Aug 20, 2002 at 09:05:08AM +0000, Nicolas Boulay wrote:
[...]
> > 3- execute librairy call to execute excve with /bin/sh to have a shell
> > access.
> 
> That's a SW problem.
> 
> >>> A compiler problem, so an abi problem. The last security problem in
> case of buffer overflow.
> 
> > 4- diseable any possiblity of buffer overflow.
> 
> Dto.
> 
> >>> ??? don't understand that word.

Sorry... it was supposed to mean "same as above".

> > 5- Protect part of the kernel (driver) from it-self
> 
> That's what you need fine-grained access rights for.
> 
> >>> Do you think it's wise to protect the kernel from it-self ? 

It's a side-effect when you protect the kernel from user code.

> >>> What you think about the idea of tagged page that could only be used
> by tagged read&write instructions (to protect data page of the kernel
> and return stack write) ?

I'm afraid that will help only if you compile all your binaries yourself
(otherwise, they might contain "trojan writes").

-- 
 Michael "Tired" Riepe <Michael.Riepe@stud.uni-hannover.de>
 "All I wanna do is have a little fun before I die"
*************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe f-cpu       in the body. http://f-cpu.seul.org/