From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: pageexec@freemail.hu
Cc: Andi Kleen <andi@firstfloor.org>,
Arjan van de Ven <arjan@infradead.org>,
linux-kernel@vger.kernel.org, mingo@elte.hu, tglx@tglx.de,
hpa@zytor.org
Subject: Re: [patch] Add basic sanity checks to the syscall execution patch
Date: Fri, 05 Sep 2008 20:14:07 +1000 [thread overview]
Message-ID: <1220609647.4879.169.camel@pasglop> (raw)
In-Reply-To: <48C0FF43.30940.2C3EFC0@pageexec.freemail.hu>
On Fri, 2008-09-05 at 11:43 +0200, pageexec@freemail.hu wrote:
> > I'd have considered taking your email serious if you had left out the
> > uncalled and unneeded sarcasm line at the end.
>
> consider how your whole patch is based on one big self-contradiction.
> you already assume that the attacker *can* modify arbitrary kernel memory
> (even the otherwise *read-only* syscall table at that), but at the very
> same time you're saying he *can't* use the same powers to patch out your
> 'protection' or do many other things to evade it. as it is, it's cargo cult
> security at its best, reminding one on the Vista kernel's similar 'protection'
> mechanism for the service descriptor tables...
Well, I see it a different way ... it will once for all screw up
binary modules that try to add syscalls :-)
Ben.
next prev parent reply other threads:[~2008-09-05 10:14 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-04 2:51 [patch] Add basic sanity checks to the syscall execution patch Arjan van de Ven
2008-09-04 12:01 ` Andi Kleen
2008-09-04 12:34 ` Alan Cox
2008-09-04 13:06 ` Andi Kleen
2008-09-04 12:44 ` Arjan van de Ven
2008-09-05 9:43 ` pageexec
2008-09-05 10:14 ` Benjamin Herrenschmidt [this message]
2008-09-05 10:49 ` pageexec
2008-09-05 10:57 ` Benjamin Herrenschmidt
2008-09-05 11:42 ` Ingo Molnar
2008-09-05 12:00 ` pageexec
2008-09-05 15:42 ` Ingo Molnar
2008-09-05 16:23 ` pageexec
2008-09-05 16:52 ` Ingo Molnar
2008-09-05 17:26 ` Andi Kleen
2008-09-05 19:42 ` pageexec
2008-09-05 20:48 ` Andi Kleen
2008-09-05 19:37 ` pageexec
2008-09-06 15:42 ` Ingo Molnar
2008-09-07 0:17 ` pageexec
2008-09-05 12:01 ` Andi Kleen
2008-09-05 20:41 ` Willy Tarreau
2008-09-06 15:45 ` Ingo Molnar
2008-09-06 16:34 ` Jeroen van Rijn
2008-09-07 12:53 ` Pavel Machek
2008-09-05 16:05 ` Arjan van de Ven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1220609647.4879.169.camel@pasglop \
--to=benh@kernel.crashing.org \
--cc=andi@firstfloor.org \
--cc=arjan@infradead.org \
--cc=hpa@zytor.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=pageexec@freemail.hu \
--cc=tglx@tglx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.