From: Chris L. <sa...@sk...> - 2000-07-08 01:16:13
Oh, I see... No, I wasn't talking about doing it as a preprocessing step, nor
eliminating the tracing thread. I was talking about replacing int 80's as they
are found, with ud2 (ud2 is a 2 byte opcode that generates an illegal
instruction exception [SIGILL]). That way any int 80s would still be trapped.

Thanks for clearing up why you change the syscall to getpid... that makes much
more sense now. :)

-Chris

On Fri, 7 Jul 2000, Jeff Dike wrote:

> sa...@sk... said:
> > How would security be reduced by having an alternate system call entry
> > point?
>
> It's reduced if the alternate system call entry point can be turned off by the
> process. One of the proposals was to replace "int 0x80" with a direct call
> into the kernel. If that is done by a preprocessor, and there is also no
> system call tracing (this bit wasn't explicitly proposed by anyone), then the
> direct call can be rewritten by the process back into a system call into the
> host kernel.
>
> > If so, using 'ud2' to get into the kernel would be the same as using a
> > tracing thread... tracing is disabled on entrance, because we 'know'
> > we are in safe code...
>
> What is ud2, anyway? Never heard of it...
>
> And there's one thing I forgot to mention:
>
> jd...@ka... said:
> > My long-term plan for system calls is to eliminate the tracing thread
> > altogether. There are two aspects to this - making threads able to
> > PTRACE_CONT and PTRACE_SYSCALL themselves, and allowing threads to
> > intercept their own system calls.
> > <snip>
>
> And that is that plan for eliminating the tracing thread isn't exactly set in
> stone. If anyone has better ideas, I'll happily drop my own crappy plans, and
> go with them.
>
> Jeff
>
> _______________________________________________
> User-mode-linux-devel mailing list
> Use...@li...
> http://lists.sourceforge.net/mailman/listinfo/user-mode-linux-devel
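The difference between replacing int 0x80 sites "as they are found" and rewriting them in a preprocessing pass, shown as an added example that is not code from this thread or from User-mode Linux. The helper names and the sample bytes are constructed, and it assumes the tracer's stop leaves the instruction pointer just past the 2-byte int 0x80.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86 opcodes: int 0x80 = CD 80, ud2 = 0F 0B. Both are 2 bytes, so one
 * can overwrite the other in place without shifting any other code. */
static const uint8_t INT80[2] = {0xCD, 0x80};
static const uint8_t UD2[2]   = {0x0F, 0x0B};

enum patch_result { PATCHED = 0, OUT_OF_RANGE = -1, NOT_INT80 = -2 };

/* Hypothetical helper, run once the tracer has stopped on a system call.
 * ip_after is the stopped instruction pointer as an offset into text. */
int patch_trapped_site(uint8_t *text, size_t len, size_t ip_after)
{
    if (ip_after < 2 || ip_after > len)
        return OUT_OF_RANGE;
    uint8_t *site = text + ip_after - 2;
    if (memcmp(site, INT80, 2) != 0)
        return NOT_INT80;            /* refuse to patch anything else */
    memcpy(site, UD2, 2);            /* next execution raises SIGILL */
    return PATCHED;
}

/* What a blind preprocessing scan sees: every CD 80 byte pair, whether
 * it is an instruction or bytes inside another instruction's operand. */
size_t count_int80_bytes(const uint8_t *text, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i + 1 < len; i++)
        if (memcmp(text + i, INT80, 2) == 0)
            n++;
    return n;
}

/* Constructed sample code bytes (not taken from any real binary). */
uint8_t sample_text[] = {
    0xB8, 0xCD, 0x80, 0x00, 0x00,   /* mov eax, 0x80cd  (CD 80 is data) */
    0xB8, 0x14, 0x00, 0x00, 0x00,   /* mov eax, 20      (getpid, i386)  */
    0xCD, 0x80,                     /* int 0x80         (real syscall)  */
    0xC3                            /* ret                              */
};

int main(void)
{
    printf("scan hits: %zu\n", count_int80_bytes(sample_text, sizeof sample_text));
    printf("patch at 12: %d\n", patch_trapped_site(sample_text, sizeof sample_text, 12));
    printf("scan hits after: %zu\n", count_int80_bytes(sample_text, sizeof sample_text));
    return 0;
}
```

The scan reports two CD 80 pairs, but only the one the tracer actually stopped on is rewritten; the pair inside the mov immediate stays untouched.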