* Need help for sysmask
@ 2005-06-03 6:32 XIAO Gang
0 siblings, 0 replies; only message in thread
From: XIAO Gang @ 2005-06-03 6:32 UTC (permalink / raw)
To: linux-kernel
Could somebody please help me with comments / checks / tests on my
kernel security patch "sysmask"? See http://wims.unice.fr/sysmask/doc/
for documentation and download.
This is a security project designed to allow set up systems that
tolerate (controlled) executions of arbitrary malicious codes without
being hurt. In practice, this means that the majority of current
security updates due to vulnerabilities in software, library or even
parts of the kernel will become unnecessary.
The code is now much stabilized after several weeks of intensive test on
a busy server (http://wims.unice.fr/), including a demo challenge page
(http://wims.unice.fr/wims/wims.cgi?module=adm/unice/challenge) that has
been bombarded with all sorts of tricks. The server runs on a patched
2.4.29, SMP-enabled but there is only one cpu in the hardware.
Sysmask is rather ready for a 1.00 release. But before doing so, it
would be great if the following problem could be solved with your help.
1. I hope that somebody can give it a test on other hw/sw configurations
with result feedback, especially for the 2.6 kernel versions and
hopefully on a true SMP with a good load level.
It would be best if some tests could be done with full activation of the
protection. For this some manual editing of the default sysmask
configuration files would be necessary. But this should be quite
straightforward, and the footprint of sysmask on an existing system is
strictly minimal, with only one file (/etc/inittab) that needs to be
modified in order to fully activate it.
2. Although I am not planning to submit the patch to the official kernel
immediately, it would like to be able to make it more conform to the
kernel standards and conventions. Among others, I need your help to
solve some known problemes, the biggest being squatting an existing
syscall number (sys_mpx). Of course this is just a temporary solution,
due to the fact that I don't know how to get a permanent one.
3. Another example is that the current patch adds a few hundred bytes
(200-300) to the size of task_struct. Is this potentially a problem,
should it be moved to a page allocation?
Please give me a cc if you reply to this message; I am not constantly following the list.
--
XIAO Gang (~{P$8U~}) xiao@unice.fr
home page: pcmath126.unice.fr/xiao.html
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2005-06-03 6:32 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-06-03 6:32 Need help for sysmask XIAO Gang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox