From: Richard W. <ri...@no...> - 2011-08-23 17:30:02
On 23.08.2011 19:07, Al Viro wrote:
> On Tue, Aug 23, 2011 at 06:58:18PM +0200, Richard Weinberger wrote:
>
>> What about this hack/solution?
>> While booting UML can check whether the host's vDSO contains
>> a SYSCALL instruction.
>> If so, UML will not make the host's vDSO available to its
>> processes...
>
> Note that this is *only* for 32bit side of things. 64bit one works fine...

I know. :)

> I wouldn't search for SYSCALL in vdso, BTW - not when we have a good way
> to trigger that crap and recognize it.
>
> At boot time, fork a child. Have it traced with PTRACE_SYSCALL. Let it
> put recognizable values in registers and call __kernel_vsyscall(). Then
> let the parent do one more PTRACE_SYSCALL, then PTRACE_POKEUSER and set ebp
> to 0x69696969. PTRACE_CONT the sucker and let it report what it sees in ecx.
> If it's what we'd put there - fine, it looks safe. If it's 0x69696969 -
> we have a problem, no vdso for us.

Okay, this is a much cleaner approach.
But first I have to find a machine where I can test the issue.
At home none of my x86_64 machines is SYSCALL-based.
Tomorrow I'll search at the university for one...

Thanks,
//richard
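The ptrace probe Al Viro sketches above, written out as an added example. This is not UML code and not something posted in the thread; it is an illustration of the procedure as described. Assumptions made here: the child locates __kernel_vsyscall through getauxval(AT_SYSINFO) (glibc 2.16 or later on i386), the "recognizable value" is 0x12345678 in ecx, the syscall made through the vDSO is getpid (which ignores its argument registers), the tracer finds the right syscall stop by reading orig_eax with PTRACE_PEEKUSER, and the ebp offset is taken from struct user. The ptrace part only builds on 32-bit Linux, since the 64-bit vDSO is not affected; elsewhere the probe reports "unknown". The idea being tested: on the SYSCALL variant of the 32-bit vDSO, ecx is stashed in ebp across the instruction and rebuilt from ebp afterwards, so a tracer that pokes ebp at the syscall-exit stop changes what the child sees in ecx.

```c
/* Added example: ptrace probe for a 32-bit host vDSO whose __kernel_vsyscall
 * rebuilds ecx from ebp (the SYSCALL sequence). Not UML's own code. */
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MARKER 0x12345678UL   /* assumption: the recognizable value the child puts in ecx */
#define POISON 0x69696969UL   /* the value the tracer pokes into ebp at the syscall-exit stop */

enum vdso_verdict { VDSO_SAFE = 0, VDSO_CLOBBERED = 1, VDSO_UNKNOWN = 2 };

/* Decide from what the child saw in ecx after __kernel_vsyscall returned:
 * the marker means ecx survived, the poison means ecx was rebuilt from ebp,
 * anything else means the probe did not run as intended. */
enum vdso_verdict classify(unsigned long ecx_after, unsigned long marker, unsigned long poison)
{
    if (ecx_after == marker) return VDSO_SAFE;
    if (ecx_after == poison) return VDSO_CLOBBERED;
    return VDSO_UNKNOWN;
}

const char *verdict_name(enum vdso_verdict v)
{
    switch (v) {
    case VDSO_SAFE:      return "safe: ecx survived the vsyscall, host vDSO can be exported";
    case VDSO_CLOBBERED: return "clobbered: ecx came back from ebp, do not export the host vDSO";
    default:             return "unknown: the probe could not be run";
    }
}

#if defined(__linux__) && defined(__i386__)
#include <sys/auxv.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>

/* Tracee: put the marker in ecx, call __kernel_vsyscall for getpid (assumption:
 * a syscall that ignores its argument registers), report the verdict as exit status. */
static void __attribute__((noreturn)) child_probe(void)
{
    unsigned long entry = getauxval(AT_SYSINFO);   /* assumption: AT_SYSINFO points at __kernel_vsyscall */
    unsigned long eax = SYS_getpid;
    unsigned long ecx = MARKER;

    if (!entry || ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
        _exit(VDSO_UNKNOWN);
    kill(getpid(), SIGSTOP);   /* hand control to the parent before the probe */
    __asm__ volatile("call *%[entry]"
                     : "+a"(eax), "+c"(ecx)
                     : [entry] "r"(entry)
                     : "memory", "cc");
    _exit(classify(ecx, MARKER, POISON));
}

/* Tracer: walk syscall stops to the getpid entry, run to its exit stop,
 * poke ebp, continue the child, and read the verdict from its exit status. */
enum vdso_verdict probe_host_vdso(void)
{
    long ebp_off = offsetof(struct user, regs) + offsetof(struct user_regs_struct, ebp);
    long orig_eax_off = offsetof(struct user, regs) + offsetof(struct user_regs_struct, orig_eax);
    int status = 0, entry_stop = 1, i;
    pid_t pid = fork();

    if (pid < 0)
        return VDSO_UNKNOWN;
    if (pid == 0)
        child_probe();
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
        return VDSO_UNKNOWN;   /* expected the child's self-inflicted SIGSTOP */

    for (i = 0; i < 64; i++) {   /* bounded: glibc may issue a few syscalls of its own */
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1 ||
            waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
            goto fail;
        if (entry_stop &&
            ptrace(PTRACE_PEEKUSER, pid, (void *)orig_eax_off, NULL) == SYS_getpid) {
            if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1 ||      /* to the exit stop */
                waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
                goto fail;
            if (ptrace(PTRACE_POKEUSER, pid, (void *)ebp_off, (void *)POISON) == -1)
                goto fail;
            if (ptrace(PTRACE_CONT, pid, NULL, NULL) == -1 ||
                waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
                goto fail;
            return (enum vdso_verdict)WEXITSTATUS(status);
        }
        entry_stop = !entry_stop;   /* syscall stops alternate entry/exit */
    }
fail:
    kill(pid, SIGKILL);
    waitpid(pid, &status, 0);
    return VDSO_UNKNOWN;
}
#else
/* Only the i386 vDSO has the SYSCALL sequence; on other targets there is nothing to probe. */
enum vdso_verdict probe_host_vdso(void)
{
    return VDSO_UNKNOWN;
}
#endif

int main(void)
{
    enum vdso_verdict v = probe_host_vdso();
    printf("%s\n", verdict_name(v));
    return v;
}
```

Build it 32-bit (gcc -m32) on the host under test; a result of "clobbered" is exactly the case where UML should keep the host vDSO away from its processes, and "unknown" (no AT_SYSINFO, ptrace refused, unexpected stop sequence) is best treated the same way as a precaution.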