Menu
▾
▴
Re: [User-mode-linux-devel] implementation questions
|
From: Jeff D. <jd...@ka...> - 2000-01-13 23:24:24
|
> > 3. Is the kernel protedted from user mode access, and if so, how? > > No. I thought I'd expand on this a little bit. It would make a nice project for someone who's interested (which I am, just not enough to implement it right now). The first problem is that a hostile thread could gain access to the outside system by crashing the tracing thread. Right now, this is easy. Just pollute the thread's stack (located at 0x50000000-0x50001000 for your cracking convenience :-). Protecting it or unmapping it won't work because those require system calls, which will be intercepted. So, fixing this was impossible under the old implementation which had all the threads running in a single address space. Now, with the threads in different address spaces, it is possible for the tracing thread to have a stack which no other thread can touch. It would have to be malloced or mmapped private. All kernel data is shared. The next problem is the kernel text and data. It might seem that polluting this could only hurt the hostile thread and its innocent comrades, but by locating its own task structure and modifying .thread.tracing and/or .thread.want_tracing, it could fool the tracing thread into giving it access to the outside system. This is solved by protecting the kernel text and data on entry to user mode and unprotecting it on exit to kernel mode. This would be done from syscall_handler for system calls, which runs on the process stack. Interrupts would have to run on a third stack (not process or kernel) which is always unprotected. It doesn't matter if it gets corrupted, because it will be orverwritten anyway. Jeff |
