From: Jeff D. <jd...@ad...> - 2004-11-29 20:35:09
Prompted by some questions from Blaisorblade about whether something like skas mode might be implemented on unpatched hosts, I went ahead and did exactly that.

The basic idea is that in place of /proc/mm and PTRACE_FAULTINFO, we have a couple of extra pages in the userspace process to hold code that we are going to use to make it change its address space and to handle segfaults so addresses and access modes can be reported back to the kernel process.

The end result is something that is very close to skas mode, just as secure, loses two pages of address space to UML rather than .5G, should be almost as fast, and runs on a stock host kernel.

The patch is available as skas0 from my patches page - http://user-mode-linux.sourceforge.net/patches.html and there is a good deal of commentary associated with it.

Jeff
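The fault-reporting half of the idea above, as an added example that is not taken from the skas0 patch or from the post: a SIGSEGV handler running inside the faulting process records the faulting address and `si_code` in a shared page that another process could read. The `fault_info` layout, the function names, and repairing the mapping inside the handler are assumptions of this example.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical record layout; the names are this example's, not UML's. */
struct fault_info { uintptr_t addr; int code; int count; };
static volatile struct fault_info *data_page; /* stands in for a stub data page */
static long page_size;

static void segv_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    data_page->addr = (uintptr_t)si->si_addr; /* faulting address */
    data_page->code = si->si_code;            /* SEGV_MAPERR or SEGV_ACCERR */
    data_page->count++;
    /* Assumption: repair the page here so the faulting store restarts. */
    uintptr_t base = (uintptr_t)si->si_addr & ~((uintptr_t)page_size - 1);
    mprotect((void *)base, (size_t)page_size, PROT_READ | PROT_WRITE);
}

/* Faults once on a PROT_NONE page; returns 0 and fills *out and *expected. */
int run_fault_demo(struct fault_info *out, uintptr_t *expected)
{
    struct sigaction sa = {0};
    page_size = sysconf(_SC_PAGESIZE);
    data_page = mmap(NULL, (size_t)page_size, PROT_READ | PROT_WRITE,
                     MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    volatile char *guest = mmap(NULL, (size_t)page_size, PROT_NONE,
                                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (data_page == MAP_FAILED || guest == MAP_FAILED) return -1;
    sa.sa_sigaction = segv_handler; sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    guest[16] = 'x';                   /* store to an inaccessible page */
    *expected = (uintptr_t)&guest[16];
    *out = *data_page;                 /* what the handler recorded */
    signal(SIGSEGV, SIG_DFL);
    return guest[16] == 'x' ? 0 : -1;  /* the restarted store completed */
}

int main(void)
{
    struct fault_info f; uintptr_t want;
    if (run_fault_demo(&f, &want) != 0) return 1;
    printf("fault at %p, si_code=%d, count=%d\n", (void *)f.addr, f.code, f.count);
    return 0;
}
```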