> On Wed, 3 Jan 2001, Alexander Viro wrote:
>
> > > This preliminary, small patch prevents execution of system calls which
> > > were executed from a writable segment. It was tested and seems to work,
> > > without breaking anything. It also reports of such calls by using printk.
> >
> > Get real. Attacker can set whatever registers he needs and jump to one
> > of the many instances of int 0x80 in libc. There goes your protection.
>
> But unlike syscalls, offsets inside libc do change. Aren't they?
> Programs don't have to use libc, they can be compiled as static.
Yes. And they will exit without system calls... how, exactly? Dumping core?
Libc or not, you _will_ have 0xcd 0x80 that can be executed. It's not like
searching for these two bytes was a problem, after all - several instructions
is all it takes.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/