Re: [RFC] prevention of syscalls from writable segments, breaking

Dan Aloni (karrde@callisto.yi.org)
Thu, 4 Jan 2001 00:03:25 +0200 (IST)


On Wed, 3 Jan 2001, Alexander Viro wrote:

> > This preliminary, small patch prevents execution of system calls which
> > were executed from a writable segment. It was tested and seems to work,
> > without breaking anything. It also reports of such calls by using printk.
>
> Get real. Attacker can set whatever registers he needs and jump to one
> of the many instances of int 0x80 in libc. There goes your protection.

But unlike syscalls, offsets inside libc do change. Aren't they?
Programs don't have to use libc, they can be compiled as static.

-- 
Dan Aloni 
dax@karrde.org

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/