Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262268AbTEKDn5 (ORCPT ); Sat, 10 May 2003 23:43:57 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262279AbTEKDn5 (ORCPT ); Sat, 10 May 2003 23:43:57 -0400 Received: from host132.googgun.cust.cyberus.ca ([209.195.125.132]:58030 "EHLO marauder.googgun.com") by vger.kernel.org with ESMTP id S262268AbTEKDnz (ORCPT ); Sat, 10 May 2003 23:43:55 -0400 Date: Sat, 10 May 2003 23:54:25 -0400 (EDT) From: Ahmed Masud To: Yoav Weiss Cc: Muli Ben-Yehuda , , Subject: Re: The disappearing sys_call_table export. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1209 Lines: 31 On Sat, 10 May 2003, Yoav Weiss wrote: > You're right, which is why I wouldn't offer it as a general mechanism. I > was merely offering a method to solve the current issue and fix Masud's > problem. This solution is good in many cases but dangerous in others. It > can be used as long as you inspect the original syscall to make sure its > param is just a simple string/int. True in most cases though. Like any security solution, if the vulnerabilities are identifiable and outlinable then the risk can be approximated. This is what is really needed in real-life situations, reallistically, we simply want an assessment of risk to clearly define what is and isn't acceptable level of protection. I will attempt to actually build attack scenarios based on these comments and post results to any one who is interested. Just as an aside, my solution isn't actually performing its control through user-space params requiring copy_from_user. Cheers, Ahmed. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/